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Get Started 


Asset Management & Tagging API 


Manage assets in your account that you want to scan for security and 
compliance, define asset tags and AWS connectors. 


Modules supported 


VM, PC, SCA, CERTVIEW, CLOUDVIEW 
Authentication 


Authentication to your Qualys account with valid Qualys credentials is 
required for making Qualys API requests to the Qualys API servers. Learn 
more about authentication to your Qualys account 


Get API Notifications 


We recommend you join our Community and subscribe to our API 
Notifications RSS Feeds for announcements and discussions. 


https://community.qualys.com/community/developer/notifications-api 


About Qualys 


Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud- 
based security and compliance solutions. The Qualys Cloud Platform and its 
integrated Cloud Apps deliver businesses critical security intelligence 
continuously, enabling them to automate the full spectrum of auditing, 
compliance and protection for IT systems and web applications on premises, 
on endpoints and elastic clouds. For more information, please visit 
www.qualys.com 


Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All 
other products or names may be trademarks of their respective companies 
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Qualys user account 


Authentication to your Qualys account with valid Qualys credentials is 
required for making Qualys API requests to the Qualys API servers. 


The application must authenticate using Qualys account credentials (user 
name and password) as part of the HTTP request. The credentials are 
transmitted using the “Basic Authentication Scheme” over HTTPS. 


For information, see the “Basic Authentication Scheme” section of RFC #2617: 


http://www.fags.org/rfcs/rfc2617.html 


The exact method of implementing authentication will vary according to 
which programming language is used. 


The allowed methods, POST and/or GET, for each API request are 
documented with each API call in this user guide. 


Sample request - basic authentication 


curl -u "USERNAME :PASSWORD" 
https://qualysapi.qualys.com/qps/rest/2.0/count/am/hostasset 
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URL to Qualys API server 


Qualys maintains multiple Qualys Cloud Platforms. The API server URL that 
you should use for API requests depends on the platform where your Qualys 
account is located. 


Account API server URL 

location 

Qualys US https://qualysapi.qualys.com 

Platform 1 

Qualys US https://qualysapi.qg2.apps.qualys.com 
Platform 2 

Qualys US https://qualysapi.qg3.apps.qualys.com 
Platform 3 

Qualys EU https://qualysapi.qualys.eu 

Platform 1 

Qualys EU https://qualysapi.qg2.apps.qualys.eu 
Platform 2 

Qualys India https://qualysapi.qgl.apps.qualys.in 
Platform 1 

Qualys Private https://qualysapi.<customer_base_url> 


Cloud Platform 


Looking for your API server URL for your account? You can find this easily. 
Just log in to your Qualys account and go to Help > About. You'll see this 
information under Security Operations Center (SOC). 


About 
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Launch Help 


Get Started 


fa x 


Identified Services > 


Identified OS 


Additional References 


Qualys Web Service 
Application Version: 

Online Help Version: 

SCAP Module Version: 
Qualys External Scanners 


Security Operations Center (SOC): 


Scanner Version: 

Vulnerability Signature Version: 
Scanner Services 

Qualys Scanner Appliances 


Security Operations Center (SOC): 
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8.9.0.2-2 
8.9.29-1 
1.2 


64.39.96.0/20 (64.39.96.1-64.39.111.254) 


9.0.29-1 
2.3.492-2 
3.0.12-1 


- qualysguard.qualys.com:443 

- dist01.sjdc01.qualys.com:443 

- nochost.sjdc01.qualys.com:443 
- scanservice1.qualys.com:443 

- all in 64.39.96.0/20 
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Making API calls 


Curl samples in our API doc 


We use curl in our API documentation to show an example how to form REST 
API calls, and it is not meant to be an actual production example of 
implementation. 


Object types 


You have core objects, which represent domain objects for specific business 
goals and related objects which contain related information or collections of 
information. Related objects are often simplified representations of core 
objects but are not implicitly core objects. For example, the tags collection on 
Asset is a simpler form of the Tag core object, but the ports collection is not. 


Collections 


Collections of related objects are found within a container object called a 
QList. These lists will have a specific name for the type of objects they 
contain. For example, the tags collection Asset is a TagSimpleQList and will 
read and write TagSimple API objects. These lists can contain a number of sub 
elements. 


count - (Read only) The total number of items returned in the list element 
list - (Read only) The items contained in the collection on the server 


set - A new collection of items to place in the server side object. Any existing 
items not in the list provided will be discarded. 


add - A new item to be added to the server side object. The item may be 
keyed of one ore more fields depending on the collection. In the even that 
that an item in the add collection collides with an existing entry, the existing 
entry will be updated with the fields provided. Many collections will allow you 
to either associate an existing item with the targeted collection, or create a 
new one and add it to the collection. If you provide a key field, most often id 
or uuid, the object will be looked up and associated. In the absence of these 
fields, a new object will be created (if the list allows it). 
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remove - Removes an element from the list by the collections key, usually id. 
If the item does not exist, the entry will be ignored. Additional fields beyond 
the item key will also be ignored. 


update - Updates item(s) in the collection. This allows you to update the fields 
of non-core items via the objects and reference them. Items will be resolved 
by the collection’s key, and then additional fields applied to the found object. 


In the event that the supplied item does not match an existing related object, 
it will be ignored. 


Whitespace in HTML tags 


Whitespace (which includes line breaks) is not allowed in XML tags that are 
numbers. 


Invalid tag - This syntax will not work 


<id> 
34234 
</id> 


Valid tag - This syntax will work just fine 
<id>345254</id> 


Pagination 

Some API actions will return a list of core objects but will limit the number 
returned (default is 100). You can change which objects are returned and the 
number of objects by specifying a preferences tag in the POST body of your 
request. 

Preferences tag fields: 

startFromOffset - The first item to return by index. The default is 1. 


startFromld - The first item to return by primary key. No default value. 


limitResults - The total number of items to return. The default is 100. 
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The allowed methods, POST and/or GET, for each API request are 
documented with each API call in this user guide. 


Sample pagination settings 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<preferences> 
«startFromOffset»100«/startFromOffset» 
<limitResults>50</limitResults> 
</preferences> 
</ServiceRequest> 


Limit your results 


Use the optional “fields” parameter for any Search or Get API request to limit 
the amount of information returned in the results. Simply specify the fields 
you want to include in the output, and all other information will be filtered out. 
Multiple fields are comma separated and wildcards are supported. 


This get request will fetch tag ID 12345 and return the tag ID, name and 
creation date: 


Sample limit results 


https://qualysapi.qualys.com/qps/rest/2.0/get/am/tag/12345?fields-id,n 
ame, created 


This search request will return the ID of the connector and the ID of any 
default tags attached to the connector: 


Sample search connectors 


https://qualysapi.qualys.com/qps/rest/2.0/search/am/awsassetdataconnec 
tor?fields-id,defaultTags.list.SimpleTag.id 


Using wildcards, the example above could be represented as: 


Sample search connectors using wildcards 
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https://qualysapi.qualys.com/qps/rest/2.0/search/am/awsassetdataconnec 
tor?fields-id,defaultTags.*.*.iddSimpleTag.id 
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Tracking API usage by user 


You can track API usage by a user without the need to provide user 
credentials such as the username and password. 


Optional X-Powered-By header 

API usage can be tracked using the X-Powered-By HTTP header which 
includes a unique ID generated for each subscription and a unique ID 
generated for each user. Once enabled, the X-Powered-By HTTP header is 
returned for each API request made by a user. The X-Powered-By HTTP 
header will be returned for both valid and invalid requests. However, it will not 
be returned if an invalid URL is hit or when user authentication fails. 
Contact Qualys Support to get the X-Powered-By HTTP header enabled. 
The X-Powered-By header is returned in the following format: 

X-Powered-By: Qualys:<POD_ID>:<SUB_UUID>:<USER_UUID> 

where, 

- POD ID is the shared POD or a PCP. Shared POD is USPOD1, USPOD2, etc. 
- SUB_UUID is the unique ID generated for the subscription 


- USER_UUID is the unique ID generated for the user. You can use the 
USER_UUID to track API usage per user. 


Sample X-Powered-By header 


X-Powered-By: Qualys: QAPOD4SIC: f972e2cc-69d6-7ebd- 
80e67b9a931475408:06198167-43f3-7591-802a-1c400a0e81b1 


Sample outputs 


Here are sample outputs showing the X-Powered-By HTTP header. 


Sample output for VM, PC 
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HTTP/1.1 200 OK 

Date: Thu, 14 Sep 2017 09:11:21 GMT 

Server: Qualys < X-XSS-Protection: 1 
X-Content-Type-Options: nosniff 

X-Frame-Options: SAMEORIGIN 

X-Powered-By: Qualys:USPOD1:d9a7e94c-0a9d-c745- 
82e9980877cc5043: f178af1e-4049-7fce-81ca-75584feb8e93 
X-RateLimit-Limit: 300 

X-RateLimit-Window-Sec: 3600 
X-Concurrency-Limit-Limit: 500 
X-Concurrency-Limit-Running: 0 
X-RateLimit-ToWait-Sec: 0 

X-RateLimit-Remaining: 298 

« X-Qualys-Application-Version: QWEB-8.11.0.0- 
SNAPSHOT20170914072818114205 

« X-Server-Virtual-Host: qualysapi.qualys.com 

« X-Server-Http-Host: qualysapi.qualys.com 

« Transfer-Encoding: chunked « Content-Type: text/xml;charset=UTF-8 


ANTANI TSS ANTANI AN 
D 


Zo GO GO Gi TBS EDS 


Sample output for other Qualys apps 


229HTTP/1.1 200 OK 

X-Powered-By: Qualys:QAPODASJC: f972e2cc-69d6-7ebd- 
80e67b9a931475d8 : 06198167 -43f3-7591-802a-1c400a30e81b1 
Content-Type: application/xml 

Transfer-Encoding: chunked 

Date: Mon, 04 Dec 2017 05:36:29 GMT 

Server: Apache 

LBDEBUG: NS=10.44.1.12, SERVER=10.44.77.81:50205, CSW=cs-p04- 
qualysapi443, VSERVER=vs -p0@4-papi-8@, ACTIVE-SERVICES=2, HEALTH=100 
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Available operators 


Operators supported by input parameters: 

Integer - EQUALS, NOT EQUALS, GREATER, LESSER, IN 
Text - CONTAINS, EQUALS, NOT EQUALS 

Date - EQUALS, NOT EQUALS, GREATER, LESSER 
Keyword - EQUALS, NOT EQUALS, IN 


Boolean (true/false) - EQUALS, NOT EQUALS 


* NOT EQUALS operator is not supported for update and delete actions. 
Using the NOT EQUALS operator for updating or deleting objects (such as 
tags, assets, host assets, AWS connectors, AWS authentication records, etc.) 
could result in accidental update or deletion of the objects without any 
warning. To prevent accidental updates/deletions, we do not support NOT 
EQUALS operator for updating/deleting objects. 
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JSON Support 


Qualys Asset Management and Tagging API supports JSON requests and 
responses starting with version 2.11. Samples are shown below. 


Headers used in 
samples 


Send JSON request "Content-Type: 
application/json" 


Get response in "Accept: 
JSON application/json" 


Sample 1 - Create a tag 


API request 


cat createTag.json | curl -s -k -X POST -H "Accept: application/json" 
-H "Content-Type: application/json" -H "user: acme ss2" -H "password: 
passwd" -d @- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/am/tag" 


POST data: 
{ 
"ServiceRequest": { 
"data": { 
"Tag": { 
"name": "Parent Tag", 
"ruleType": "NAME CONTAINS", 
"ruleText": "windows", 
reelle cued E TIE SESS 
"children": ( 
"set": { 
"TagSimple": [ 
t name": "Child 1" }, 
{ "name": “Child 2^ } 
] 
} 
} 
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JSON output 


{ 
"ServiceResponse" : { 
datano 
BI sd 
"ruleText" : "windows", 
“Color 3 EE SEES 
"modified" : "2016-01-04T19:51:56Z", 
"name" : "Parent Tag", 
"children" : ( 
mrt ps 
"TagSimple" : ( 
"name" : "Child 2", 
"id" : 2066216 
} 
Lee 
"TagSimple" : { 
san a mesa gabak Kn 
"id" : 2066217 
} 
KOI 
Lë 
"created" : "2016-01-04T19:51:56Z", 
"ruleType" : "NAME CONTAINS", 
"1d. : 2066215 
} 
j l» 
*eount 1, 
"responseCode" : "SUCCESS" 
} 
b 


Sample 2 - Search tags 


API request 
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cat searchTag.json | curl -s -k -X POST -H "Accept: application/json" 
-H "Content-Type: application/json" -H "user: acme_ss2" -H "password: 
passwd" -d @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/tag" 


POST data: 
i 
"ServiceRequest": { 
“filters” = E 


vepiteria K 
"field": "parent", 
"operator": "EQUALS", 
"value": "2035617" 


js 
{ 

"field": "name", 
"operator": "CONTAINS", 
"value": "child" 

js 
{ 

fields. Sig, 
"operator": "IN", 
"value": "2035619,2035618, 2029815" 

» 
if 

"field": "ruleType", 
"operator": "EQUALS", 
"value": "GROOVY" 

js 
{ 

"field": "color", 
"operator": "EQUALS", 
"value": "#EC7000" 

I 
] 
} 


JSON output 
i 
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"ServiceResponse" : { 
datana > EZ 
"Tag" : { 
"ruleText" : "windows", 
Icono 8 E EISE 
"modified" : "2016-01-04T19:51:56Z", 
"name" : "Parent Tag", 
"children" : ( 
sic Eia EEI 
"TagSimple" : { 
"name" : "Child 2", 
"id" : 2066216 
} 
Jo 4 
"TagSimple" : { 
"name" : "Child 1", 
"id" 272066217 
} 
ip 
Jo 
"created" : "2016-01-04T19:51:56Z", 
"ruleType" : "NAME CONTAINS", 
"id" : 2066215 
} 
p da 
"count" : 1, 
"responseCode" : "SUCCESS" 


} 
} 
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Know your portal version 
/aps/rest/portal/version/ 


[GET] 


Using the Version API you can find out the installed version of Portal and its 
sub-modules that are available in your subscription. 


Sample XML 


API request 


curl -u "USERNAME :PASSWORD" -X "GET" -H "Accept: application/xml" 
https://qualysapi.qualys.com/qps/rest/portal/version 


Response 


<?xml versionz"1.0" encoding="UTF-8"?> 
«ServiceResponse xmlns:xsi-"http://www.w3.0rg/2001/XMLSchema- instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/ve 
rsion.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Portal-Version> 
<PortalApplication-VERSION>2.33.0.0-SNAPSHOT-1 DEVELOP 
#352 (2018-05-07722:53:43Z)</PortalApplication-VERSION> 
<WAS-VERSION>6.0.0.0</WAS-VERSION> 
<FIM-VERSION>1.5.1</FIM-VERSION> 
<VM-VERSION>1.0.3</VM-VERSION> 
<CERTVIEW-VERSION>1.1.0.0</CERTVIEW-VERSION> 
<CM-VERSION>1.20.1</CM-VERSION> 
<MDS-VERSION>2.11.7.0</MDS-VERSION> 
<CA-VERSION>2.9.1.0</CA-VERSION> 
<IOC-VERSION>1.1.0</IOC-VERSION> 
«AV2-VERSION»0.1.0«/AV2-VERSION» 
<QUESTIONNAIRE-VERSION>2.14.0.4</QUESTIONNAIRE-VERSION> 
<WAF - VERSION>2.7.0.0</WAF-VERSION> 
</Portal-Version> 
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</data> 
</ServiceResponse> 


Sample JSON 


API request 


curl -u "USERNAME:PASSWORD" -X "GET" -H "Accept: application/json" 
https://qualysapi.qualys.com/qps/rest/portal/version 


Response 


{ 


"ServiceResponse": { 
"data": [ 


"Portal-Version": { 

"PortalApplication-VERSION": "2.33.0.0-SNAPSHOT-1 DEVELOP 
#352 (2018-05-07T22:53:43Z)", 

"WAS-VERSION": "6.0.0.0", 

SVMSVERSION :- "1.0.3", 

"CM-VERSION": "1.20.1", 

"MDSSVERSION :52.11.7-05; 

SGCASVERSLON: = -2.9.1-05, 

"QUESTIONNAIRE-VERSION": "2.14.0.4", 

"WAF-VERSION": "2.7.0.0" 


Jo 
Ji 
} 

], 

"responseCode": "SUCCESS", 
~eCOunite .2 T 

} 
} 
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Tags 


Create Tag 
/aps/rest/2.0/create/am/tag 


[POST] 


Create a new tag and possibly child tags. 


Permissions required - Managers with full scope, other users must have these 
permissions: Access Permission “API Access”, Tag Permission “Create User 
Tag”, Tag Permission “Modify Dynamic Tag Rules” (to create a dynamic tag) 


Note: Provider name is mandatory in case of Cloud Asset tag. 


Sample 1 - Create new tag with 3 child tags 


API request 


curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/am/tag" < file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<Tag> 
<name>Parent Tag</name> 
<ruleType>Groovy</ruleType> 
<ruleText>if(asset.getAssetType()!=Asset.AssetType.HOST) return 
false; 
return asset. hasVulnsWithSeverity(4,5)</ruleText> 
«created»2014-02-06T19:14:50Z«/created» 
«modified»2014-02-06T19:14:50Z«/modified» 
<color>#FFFFFF</color> 
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<children> 
<set> 
<TagSimple> 
<name>Child 1</name> 
</TagSimple> 
<TagSimple> 
<name>Child 2</name> 
</TagSimple> 
<TagSimple> 
<name>Child 3</name> 
</TagSimple> 
</set> 
</children> 
</Tag> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/tag.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Tag> 
<id>1589217</id> 
<name>Parent Tag</name> 
<created>2014-02-06T19:14:50Z</created> 
<modified>2014-02-06T19:14:50Z</modified> 
<color>#FFFFFF</color> 
<ruleText>if(asset.getAssetType()!=Asset.AssetType.HOST) return 
false; 
return asset.hasVulnsWithSeverity(4,5)</ruleText> 
<ruleType>GROOVY</ruleType> 
<children> 
<list> 
<TagSimple> 
<id>1</id> 
<name>Child 1</name> 
</TagSimple> 
<TagSimple> 
<id>2</id> 
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<name>Child 2</name> 
</TagSimple> 
<TagSimple> 
<id>3</id> 
<name>Child 3</name> 
</TagSimple> 
</list> 
</children> 
</Tag> 
</data> 
</ServiceResponse> 
<responseCode>SUCCESS</responseCode> 


Sample 2 - Create an asset tag and assign criticality score 


API request 


curl -n -u "USERNAME:PASSWORD" -H “content-type: text/xml"-X "POST" -- 
"https://qualysapi.qualys.com/rest/2.0/create/am/tag" « file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding-" UTF-8" ?> 
<ServiceRequest> 
<data> 
<Tag> 
<name>critical_3</name> 
<criticalityScore>3</criticalityScore> 
<color>#FFFFFF</color> 
</Tag> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/rest/2 
.0/create/am/tag"» 

«responseCode»SUCCESS«/responseCode» 

<count>1</count> 

<data> 

<Tag> 
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<id>7824612</id> 
«name»critical 3«/name» 
«created»2021-06-08T13:09:00Z«/created» 
<modified>2021-06-08T13:09:00Z</modified> 
<color>#FFFFFF</color> 
<criticalityScore>3</criticalityScore> 
</Tag> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/tag.xsd 


Get to know Groovy 

Check out the following article on our Community to learn how to create 
asset tags using the Groovy programming language. You'll also get several 
Groovy rule examples that you can start using today. 


Create Asset Tags using Groovy 
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Update Tag 
/aps/rest/2.0/update/am/tag/<id> 
/aps/rest/2.0/update/am/tag 


[POST] 


Update fields for a tag and collections of tags. 

Permissions required - Managers with full scope, other users must have these 
permissions: Access Permission “API Access”, Tag Permission “Create User 
Tag”, Tag Permission “Modify Dynamic Tag Rules” (to create a dynamic tag) 
Input Parameters 

Using the NOT EQUALS operator for updating tags could result in accidental 
update of unknown tags without any warning. To prevent accidental updates 
of unknown tags, we do not support NOT EQUALS operator for update 


actions. 


Note: Provider name cannot be updated. 


Click here for available operators 


Parameter Description 

name (Text) Name of the tag 

criticalityScore (Keyword) Update the asset criticality score for a tag 
between 1 to 5 with 1 being the lowest and 5 being the 
highest. 

ruleType (Text) STATIC, GROOVY, OS REGEX, 


NETWORK_RANGE, NAME_CONTAINS, 
INSTALLED_SOFTWARE, OPEN_PORTS, VULN_EXIST, 
ASSET_SEARCH, CLOUD_ASSET, 
BUSINESS_INFORMATION 
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ruleText (Text) Define the criteria for the rule 


color Text formatted as #FFFFFF where E can be any value 
between 0-9 and A-F 


Sample 1 - Rename parent tag, remove some child tags 


API request 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/update/am/tag/12345" 

« file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<Tag> 
<name>Parent Tag (Updated)</name> 
<children> 
<remove> 
<TagSimple><id>123</id></TagSimple> 
<TagSimple><id>456</id></TagSimple> 
</remove> 
</children> 
</Tag> 
</data> 
</ServiceRequest> 


Response 


<?xml versionz"1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/tag.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<data> 
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<Tag> 
<id>12345</id> 
<name>Tag</name> 
«created»2014-02-06T19:14:50Z«/created» 
«modified»2014-02-06T19:14:50Z«/modified» 
<color>#FFFFFF</color> 
«ruleText»asset.installedSoftwares.contains { it.name == 
"Windows" }</ruleText> 
<ruleType>GROOVY</ruleType> 
<children> 
cirsto 
«TagSimple» 
<id>1</id> 
<name>Child 1</name> 
</TagSimple> 
<TagSimple> 
«ad»2«/1d» 
«name»Child 2«/name» 
«/TagSimple» 
«TagSimple» 
«id»3«/id» 
«name»Child 3«/name» 
«/TagSimple» 
«TagSimple» 
<id>123</id> 
<name>Linked Child 1</name> 
</TagSimple> 
<TagSimple> 
<id>456</id> 
<name>Linked Child 2</name> 
</TagSimple> 
</List> 
</children> 
</Tag> 
</data> 
</ServiceResponse> 
<responseCode>SUCCESS</responseCode> 


Sample 2 - Update an asset tag with criticality score and tag ID in 
URL 


API request 
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curl -n -u "USERNAME:PASSWORD" -H “content-type: text/xml"-X "POST" -- 
"https://qualysapi.qualys.com/rest/2.0/update/am/tag/11175413" « 
file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<Tag> 
<name>name change3</name> 
<criticalityScore>5</criticalityScore> 
<children> 
<remove> 
<TagSimple><id>123</id></TagSimple> 
<TagSimple><id>456</id></TagSimple> 
</remove> 
</children> 
</Tag> 
</data> 
</ServiceRequest 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/rest/2 
.0/update/am/tag"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<Tag> 
<id>11175413</id> 
</Tag> 
</data> 
</ServiceResponse> 


Sample 3 - Update the tag color, rule text, rule type, child tag 


API request 
curl -n -u "USERNAME:PASSWORD" -H “content-type: text/xml"-X "POST" -- 
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"https://qualysapi.qualys.com/rest/2.0/update/am/tag/19237412" < 
file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<Tag> 
<color>#FFFFFF</color> 
<ruleType>ASSET_SEARCH</ruleType> 
«ruleText»&lt;?xml version="1.0" encoding="UTF- 
8"?&gt;&lt;TAG CRITERIA&gt;&lt; NETBIOS&gt; 
&lt;SEARCH TYPE&gt;BEGINNING&lt;/SEARCH TYPE&gt;&lt;SEARCH TERM&gt;tes 
t&lt;/SEARCH TERM&gt; &lt;/NETBIOS&gt;&lt;/TAG CRITERIA&gt;«/ruleText» 
«children» 
<set> 
<TagSimple> 
<name>Child</name> 
</TagSimple> 
</set> 
</children> 
</Tag> 
</data> 
</ServiceRequest 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/rest/2 
.0/update/am/tag"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<Tag> 
<id>19237412</id> 
</Tag> 
</data> 
</ServiceResponse> 


XSD 
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<platform API server>/qps/xsd/2.0/am/tag.xsd 
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Search Tags 
/aps/rest/2.0/search/am/tag 


[POST] 


Returns a list of tags that match the provided criteria. 


Pagination - A maximum of 100 tags are returned by default. To customize 
this specify a “preferences” tag in the POST body of your request. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for the tag. Learn more 


Permissions required - Managers with full scope, other users must have 
Access Permission “API Access” 


Searchable Fields 


Click here for available operators 


Parameter Description 
id (Integer) 

name (Text) 

parent (Integer) 


ruleType STATIC, GROOVY, OS_REGEX, NETWORK_RANGE, 
NAME_CONTAINS, INSTALLED_SOFTWARE, 
OPEN_PORTS, VULN_EXIST, ASSET_SEARCH, 
CLOUD_ASSET, BUSINESS_INFORMATION 


provider EC2, AZURE, GCP, IBM, OCI 


color Text formatted as #FFFFFF where F can be any value 
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between 0-9 and A-F 


Sample 1 - Find tags with groovy script rules 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/tag" « file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="ruleType" operator="EQUALS">GROOVY</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/tag.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>2</count> 
<hasMoreRecords>true</hasMoreRecords> 
<lastId>10449935</lastId> 
<data> 
<Tag> 
<id>12345</id> 
<name>Tag</name> 
<created>2014-02-06T19:14:50Z</created> 
«modified»2014-02-06T19:14:50Z«/modified» 
<color>#FF0000</color> 
<ruleText>asset.installedSoftwares.contains { it.name == 
"Windows" }</ruleText> 
<ruleType>GROOVY</ruleType> 
<children> 
<list> 
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«SimpleTag» 
«1d»123c/ 1d» 
<name>Red</name> 
</SimpleTag> 
<list> 
</children> 
</Tag> 
<Tag> 
<id>12346</id> 
<name>Another Red Tag</name> 
«created»2014-02-06T19:14:50Z«/created» 
«modified»2014-02-06T19:14:50Z«/modified» 
<color>#FF0000</color> 
«ruleText»asset.installedSoftwares.contains { it.name == 
"Windows" }</ruleText> 
<ruleType>GROOVY</ruleType> 
<children> 
<list> 
<SimpleTag> 
<id>123</id> 
<name>Red</name> 
</SimpleTag> 
«List 
</children> 
</Tag> 
</data> 
</ServiceResponse> 
<responseCode>SUCCESS</responseCode> 


Sample 2 - Search an asset tag with criticality score 


API request 


curl -n -u "USERNAME:PASSWORD" -H “content-type: text/xml"-X "POST" -- 
"https://qualysapi.qualys.com/rest/2.0/search/am/tag" « file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="criticalityScore" 
operator="EQUALS"> 
3</Criteria> 
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</filters> 
</ServiceRequest> 


Response 


<?xml versionz"1.0" encoding="UTF-8"?> 
«ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/rest/2 
.0/search/am/tag"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<Tag> 
<id>7824612</id> 
«name»critical 3«/name» 
<created>2021-06-08T13:09:00Z</created> 
<modified>2021-06-08T13:09:00Z</modified> 
<color>#FFFFFF</color> 
<criticalityScore>3</criticalityScore> 
</Tag> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/tag.xsd 
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Count Tags 
/aps/rest/2.0/count/am/tag 
[POST] 
Count all the children of a tag. 
Permissions required - Managers with full scope, other users must have 
Access Permission “API Access” 
Available Fields 
Click here for available operators 
Parameter Description 
id (Integer) 
name (Text) 
parent (Integer) 
ruleType STATIC, GROOVY, OS_REGEX, NETWORK_RANGE, 
NAME_CONTAINS, INSTALLED_SOFTWARE, 
OPEN_PORTS, VULN_EXIST, ASSET_SEARCH, 
CLOUD ASSET 
provider EC2YAZURESGERP4AIBMKOGI 
color Text formatted as #FFFFFF where E can be any value 


between 0-9 and A-F 


Sample - Get count of all children of tag ID 


API request 
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curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" 
--data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/count/am/tag" < file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="parent" operator="EQUALS">12345</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/tag.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>2</count> 
</ServiceResponse> 

<responseCode>SUCCESS</responseCode> 


XSD 
<platform API server>/qps/xsd/2.0/am/tag.xsd 
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Delete Tag 
/aps/rest/2.0/delete/am/tag/<id> 
/aps/rest/2.0/delete/am/tag 


[POST] 


Delete one or more tags. 


Click here for available operators 


Using the NOT EQUALS operator for deleting tags could result in accidental 
deletion of unknown tags without any warning. To prevent accidental deletion 
of unknown tags, we do not support NOT EQUALS operator for delete 
actions. 


Permissions required - Managers with full scope, other users must have these 
permissions: Access Permission “API Access” and Tag Permission “Delete User 
Tag” 


Sample - Delete tag 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/delete/am/tag/12345" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/tag.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<SimpleTag> 
<id>12345</id> 
</SimpleTag> 
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</data> 
</ServiceResponse> 
<responseCode>SUCCESS</responseCode> 


XSD 


<platform API server>/qps/xsd/2.0/am/tag.xsd 
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Evaluate Tag (Deprecated) 
/aps/rest/2.0/evaluate/am/tag/<id> 
/aps/rest/2.0/evaluate/am/tag 


[POST] 


The Evaluate Tag API is now deprecated. The API was available for 
subscriptions that support Dynamic tagging and forced re-evaluation of one 
or more tags. However, now tags are automatically queued for evaluation 
when their dynamic rule is updated or a new dynamic tag is created. 


Sample - Deprecation Message for Evaluation API 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/evaluate/am/tag" 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="ruleType" operator="EQUALS">Sample</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
«ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/tag.xsd"> 
«responseCode»INVALID REQUEST«/responseCode» 
<responseErrorDetails> 
<errorMessage>Invalid Request</errorMessage> 
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<errorResolution>Evaluate tag using API is no more supported,now 
tags are automatically queued for evaluation when their dynamic rule 
is updated or a new dynamic tag is created, please contact support 
for more info.</errorResolution> 


</responseErrorDetails> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/tag.xsd 
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List Users with their tags 


/aps/rest/1.0/{action}/admin/user 


Get information on users along with their tags to the authorized user. 
Currently, we support three actions for the users: search, count, and get 
details of a user. 


Permissions required - Managers with full scope, other users must have 
Access Permission “API Access” 


Search users 


Search for users by using different filters for user ID, username, email, tags, 
and module names. If no filter is specified, all users in the user’s scope are 
listed. 


Method: POST 


XSD: user.xsd 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" 
--data-binary @- 
"https://qualysapi.qualys.com/qps/rest/1.0/search/admin/user" < 
file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="username" operator="CONTAINS">10</Criteria> 
</filters> 
</ServiceRequest> 


Response 
<?xml version="1.0" encoding="UTF-8"?> 
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<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/1. 
0/admin/user.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<User> 
<id>3989626</id> 
«username»user js10«/username» 
«firstName»«! [CDATA[John] ]></firstName> 
<lastName><![CDATA[Smith]]></lastName> 
<emailAddress>john.smith@afco.com</emailAddress> 


<tags> 
<count>1</count> 
east 
«Tag» 
<id>8721654</id> 
<name> 
<![CDATA[ Unassigned Business Unit] ]> 
</name> 
</Tag> 
ls 
</tags> 
<modules> 
<count>5</count> 
eizi 
«Module»QWEB PCI«/Module» 
«Module»WAS«/Module» 
<Module>ADMIN</Module> 
<Module>ASSET_MANAGEMENT</Module> 
«Module»QWEB VM«/Module» 
</ List> 
</modules> 
</User> 
</data> 
</ServiceResponse> 


<responseCode>SUCCESS</responseCode> 


Count users 


Returns the total number of users in the user’s scope. 
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Method: POST 


XSD: user.xsd 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" 
--data-binary @- 
"https://qualysapi.qualys.com/qps/rest/1.0/count/admin/user" < 
file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="username" operator="CONTAINS">10</Criteria> 
</filters> 
</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/1. 
0/admin/user.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>1</count> 
</ServiceResponse> 

<responseCode>SUCCESS</responseCode> 


Get user details 


View details for a user in the user’s scope. You can use search action to find a 
user ID to use as input. 


Method: GET, POST 


XSD: user.xsd 


API request 
curl -u "USERNAME:PASSWORD" " -X GET -H "Content-type: text/xml" 
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"https://qualysapi.qualys.com/qps/rest/1.0/get/admin/user/3989626" < 
file.xml 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/1. 
0/admin/user.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<User> 
<id>3989626</id> 
«username»user js10«/username» 
<firstName><![CDATA[John]]></firstName> 
<lastName><![CDATA[Smith]]></lastName> 
<emailAddress>john.smith@afco.com</emailAddress> 


<tags> 
<count>1</count> 
<list> 
<Tag> 
<id>8721654</id> 
<name> 
<![CDATA[Unassigned Business Unit] ]> 
</name> 
</Tag> 
</list> 
</tags> 
<modules> 
<count>5</count> 
<list> 
<Module>WAS</Module> 
<Module>ADMIN</Module> 
<Module>QWEB_PCI</Module> 
<Module>ASSET_MANAGEMENT</Module> 
<Module>QWEB_VM</Module> 
</lust> 
</modules> 
</User> 
</data> 
</ServiceResponse> 


<responseCode>SUCCESS</responseCode> 
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Name 
parentTagld 
color 
ruleText 


ruleType 


provider 

srcAssetGroupld 
srcBusinessUnitld 
srcOperatingSystemName 
children 

description 

Read only fields 

created 


modified 


Associations 
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Description 
(integer) 
(text) 

(text) 


(text) STATIC, GROOVY, OS_REGEX, 
NETWORK_RANGE, NAME_CONTAINS, 
INSTALLED_SOFTWARE, OPEN_PORTS, 
VULN_EXIST, ASSET_SEARCH, 
CLOUD_ASSET 


(text) 

(integer) 
(integer) 

(text) 
(TagSimpleQList) 


(text) 


(date) 


(date) 
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TagSimpleQList - Asset tags on the associated asset. This collection to be 


added to and removed from is provided as a tag ID wrapped in a TagSimple 
element 


TagSimple 
id (long) tag primary key 
name (string) tag name 
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Get Tag Info 


/aps/rest/2.0/get/am/tag/<id> 


[GET] 


Returns a single tag by ID. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for the tag. Learn more 


Permissions required - Managers with full scope, other users must have 
Access Permission “API Access” 


Sample - Fetch tag 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/tag/12345" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/tag.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Tag> 
<id>12345</id> 
<name>Test Tag</name> 
<created>2014-02-06T19:14:50Z</created> 
<modified>2014-02-06T19:14:50Z</modified> 
<color>#FFFFFF</color> 
«ruleText»asset.installedSoftwares.contains { it.name == 
"Windows" }</ruleText> 
<ruleType>GROOVY</ruleType> 
<children> 
<list/> 
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</children> 
</Tag> 
</data> 
</ServiceResponse> 
<responseCode>SUCCESS</responseCode> 


XSD 


<platform API server>/qps/xsd/2.0/am/tag.xsd 
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Get Host Asset Info 
/aps/rest/2.0/get/am/hostasset/<id> 


[GET] 


Returns a single host asset by ID. This API returns additional EC2 metadata of 
Amazon EC2 hosts when inventoried using the Qualys EC2 Connector. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for the host asset. Learn more about limiting your results 


Permissions required - Managers with full scope. Other users must have 
requested asset in their scope and these permissions: Access Permission “API 
Access” and Asset Management Permission “Read Asset” 


Sample - Fetch host asset ID and list details 


API request 


curl -n -u "USERNAME : PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/hostasset/84021" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<HostAsset> 
<id>84021</id> 
<name>10.10.23.245</name> 
<created>2018-09-12T06:21:54Z</created> 
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«modified»2018-09-13T01:14:34Z«/modified» 
<type>HOST</type> 
<tags> 
<list> 
<TagSimple> 
<id>7539414</id> 
<name>Cloud Agent</name> 
</TagSimple> 
ist 
</tags> 
«sourceInfo» 
liste 
<AssetSource/> 
</ List> 
</sourceInfo> 
<qwebHostId>18903</qwebHostId> 
«os»Microsoft Windows XP Professional 5.1.2600 Service 
Pack 3 Build 2600«/os» 
«dnsHostName»XPSP2-32-27-145«/dnsHostName» 
«netbiosName»XPSP2-32-27-145«/netbiosName» 
«address»10.10.23.245«/address» 
<trackingMethod>QAGENT</trackingMethod> 
<manufacturer>VMware, Inc.</manufacturer> 
<model>VMware Virtual Platform</model> 
<totalMemory>2047</totalMemory> 
<timezone>-07:00</timezone> 
<biosDescription>INTEL - 6040000</biosDescription> 
<openPort> 
<list> 
<HostAssetOpenPort> 
«port»1900«/port» 
«protocol»UDP«/protocol» 
</HostAssetOpenPort> 
<HostAssetOpenPort> 
<port>7055</port> 
<protocol>TCP</protocol> 
</HostAssetOpenPort> 
«list 
</openPort> 
<software> 
<list> 
<HostAssetSoftware> 
<name>Security Update for Windows XP 
(KB2347290)</name> 
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<version>1</version> 


</HostAssetSoftware> 
<HostAssetSoftware> 
<name>Security Update for Windows XP 
(KB950974)« /name» 
<version>1</version> 
</HostAssetSoftware> 
etzie 
</software> 
<vuln> 
<list> 
<HostAssetVuln> 
<qid>118956</qid> 
<hostInstanceVulnId>296963</hostInstanceVulnId> 
<firstFound>2016-02-12T08:42:43Z</firstFound> 
<lastFound>2016-02-13T01:13:04Z</lastFound> 
</HostAssetVuln> 
<HostAssetVuln> 
«qid»119053«/qid» 
<hostInstanceVulnId>296965</hostInstanceVulnId 
> 
<firstFound>2016-02-12T08:42:43Z</firstFound> 
<lastFound>2016-02-13T01:13:04Z</lastFound> 
</HostAssetVuln> 
</list> 
</vuln> 
<processor> 
<list> 
<HostAssetProcessor> 
<name>Intel Celeron processor</name> 
<speed>2799</speed> 
</HostAssetProcessor> 
</list> 
</processor> 
<volume> 
ede 
<HostAssetVolume> 
<name>A:</name> 
<size>@</size> 
«free»0«/free» 
«/HostAssetVolume» 
«HostAssetVolume» 
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<name>C:</name> 
<size>16106090496</size> 
<free>2418925568</free> 
</HostAssetVolume> 
</list> 
</volume> 
<account> 
<list> 
<HostAssetAccount> 
<username>Administrator</username> 
</HostAssetAccount> 
<HostAssetAccount> 
<username>Guest</username> 
</HostAssetAccount> 
galbide 
</account> 
«networkInterface» 
<list> 
<HostAssetInterface> 
«hostname»XPSP2-32-27-145«/hostname» 
«interfaceName»VMware Accelerated AMD PCNet 
Adapter - Packet Scheduler Miniport«/interfaceName» 
«macAddress»00:50:56:A9:46:72«/macAddress» 
«type»LOCAL«/type» 
«address»10.10.23.245«/address» 
<gatewayAddress>10.10.23.1</gatewayAddress> 


</HostAssetInterface> 
</list> 
</networkInterface> 
</HostAsset> 
</data> 
</ServiceResponse> 


Sample - Fetch host asset ID of AWS EC2 asset and list asset details 


Tags for the EC2 asset appear in the <Ec2AssetSourceSimple> element. 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/hostasset/709838" 
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XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<HostAsset> 
<id>709838</id> 
«name»my-ec2-target«/name» 
«created»2017-07-27T18:14:28Z«/created» 
«modified»2017-07-27T18:21:31Z«/modified» 
«type»HOST«/type» 
«tags» 
<list/> 
</tags> 
<sourceInfo> 
best 
<Ec2AssetSourceSimple> 
<firstDiscovered>2017-07- 
27T18:14:28Z«/firstDiscovered» 
<lastUpdated>2017-07- 
27T19:51:03Z«/1lastUpdated» 
«assetId»709838«/assetId» 
<ec2InstanceTags> 
<tags> 
<list> 
<EC2Tags> 
<key>Department</key> 
<value>Security</value> 
</EC2Tags> 
<EC2Tags> 
<key>Owner</key> 
<value>Jason Kim</value> 
</EC2Tags> 
<EC2Tags> 
<key>Email</key> 
<value>jkim@acme.com</value> 
</EC2Tags> 
<EC2Tags> 
<key>JIRA</key> 
<value>POR-6719</value> 
</EC2Tags> 
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<EC2Tags> 
<key>Name</key> 
<value>my-ec2-target</value> 
</EC2Tags> 
<EC2Tags> 
<key>Lifecycle</key> 
<value>20171231</value> 
</EC2Tags> 
<li> 
</tags> 
</ec2InstanceTags> 
<availabilityZone>us-east- 


«instanceId»i-023b166432b1c7afc«/instanceId» 
«instanceType»t2.medium«/instanceType» 
«createdDate»2017-097- 


27T19:58:34Z«/createdDate» 


SIS» 


<instanceState>STOPPED</instanceState> 
<groupId>sg-6b619117</groupId> 
<groupName>default</groupName> 
«spotInstance»true«/spotlInstance» 
<accountId>205767712438</accountId> 
<subnetId>subnet-7bbbcd56</subnetId> 
<vpcId>vpc-2da7154b</vpcId> 
<region>us-east-1</region> 

<zone>VPC</zone> 
«imageId»ami-22ce4934«/imageId» 
«publicIpAddress»127.0.0.1«/publicIpAddress» 
«privatelpAddress»10.97.15.117«/privateIpAddre 


«monitoringEnabled»false«/monitoringEnabled» 


«/Ec2AssetSourceSimple» 


elki 


«/sourceInfo» 

<qwebHostId>12864</qwebHostId> 
<os>Linux</os> 
«address»10.97.15.117«/address» 
«trackingMethod»INSTANCE ID«/trackingMethod» 


<openPort> 
«ts» 
</openPort> 
<software> 
«dist» 
«/software» 


57 


Qualys Asset Management & Tagging API 
Host Assets 


<vuln> 
«Ist» 
«/vuln» 
«processor» 
elsi» 
</processor> 
<volume> 
el BE Sue 
</volume> 
<account> 
eget 
</account> 
<networkInterface> 
<list> 
«HostAssetInterface» 
«interfaceId»eni-09f901fe«/interfaceId» 
<interfaceName>Primary network 
interface«/interfaceName» 
«type»PRIVATE«/type» 
«address»10.97.15.117«/address» 
«/HostAssetInterface» 
erst» 
«/networkInterface» 
</HostAsset> 
</data> 
</ServiceResponse> 


Sample - Fetch host asset ID with docker information 


Tags for the docker information appear in the «dockerlnfo» element. 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/hostasset/7727721" 


XML output 


<?xml versionz"1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi-"http://www.w3.0rg/2001/XMLSchema- instance" 
xsi:noNamespaceSchemaLocation- 
"https://qualysapi.qualys.com/qps/xsd/2.0/am/hostasset.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
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<data> 
<HostAsset> 
<de 72n Ed 
<name>10.113.198.121</name> 
<created>2018-06-15T11:51:26Z</created> 
«modified»2018-06-15T11:51:26Z«/modified» 


«type»HOST«/type» 
«tags» 
<list> 

<TagSimple> 
<id>8910214</id> 
«name»SSD27701«/name» 

«/TagSimple» 

«TagSimple» 
Gidpo252992 ido 
<name>All datai«/name» 

«/TagSimple» 

</list> 
</tags> 


<qwebHostId>707520</qwebHostId> 
<lastVulnScan>2018-06-15T11:48:58Z</lastVulnScan> 
<os>CentOS Linux 7.2.1511</os> 
«address»10.113.198.121«/address» 
<trackingMethod>IP</trackingMethod> 


<openPort> 
<list> 
<HostAssetOpenPort> 
«port»8080«/port» 
«protocol»TCP«/protocol» 
<serviceId>1180</serviceId> 
<serviceName>HyperText Transport 
Protocol</serviceName> 
</HostAssetOpenPort> 
<j list 
</openPort> 
<vuln> 
<list> 
<HostAssetVuln> 
<qid>45038</qid> 
<hostInstanceVulnId>151189845</hostInstanceVul 
nId> 
<firstFound>2018-06-15T11:48:58Z</firstFound> 
<lastFound>2018-06-15T11:48:58Z</lastFound> 
</HostAssetVuln> 
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cnet 
«/vuln» 
«networkInterface» 
<list> 
«HostAssetInterface» 
«type»LOCAL«/type» 
«address»10.113.198.121«/address» 
«/HostAssetInterface» 
e TSsts 
«/networkInterface» 
«isDockerHost»true«/isDockerHost» 
«dockerInfo» 
«dockerVersion»18.06.0-ce-rci«/dockerVersion» 
«noOfContainers»1«/noOfContainers» 
<noOf Images >2</noOfImages> 
</dockerInfo> 
</HostAsset> 
</data> 
</ServiceResponse> 


Sample - Get information for assets in your AWS Cloud 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/hostasset/13236173" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Asset> 
<id>13236173</id> 
«name»MHCSTRHEL6-2« /name» 
«created»2019-11-12T10:46:30Z«/created» 
«modified»2020-01-07T06:26:41Z«/modified» 
<type>HOST</type> 
«sourceInfo» 
liste 


60 


Qualys Asset Management & Tagging API 
Host Assets 


<Ec2AssetSourceSimple> 
<assetId>13236173</assetId> 
<type>EC_2</type> 
<firstDiscovered>2019-11- 
12T10: 46: 30Z</firstDiscovered> 
<lastUpdated>2020-01- 
07T06:20:12Z</lastUpdated> 
<reservationId>r- 
03ca004864372ef32«/reservationId» 
<availabilityZone>us-west- 
2a</availabilityZone> 
<instanceId>i-0edf6a42bb540f885</instanceId> 
<instanceType>t1.micro</instanceType> 
<createdDate>2020-01- 
07T09:09:21Z«/createdDate» 
«instanceState»STOPPED«/instanceState» 
«groupId»sg-7493f147«/groupId» 
«groupName»Red Hat Enterprise Linux -RHEL- 6- 
6-5 GA-AutogenByAWSMP -1</groupName> 
«spotInstance»false«/spotlInstance» 
<accountId>XXXXXXXXXXXX< / account Id» 
«region»us-west-2«/region» 
«zone»Classic«/zone» 
<imageId>ami-7df@bd4d</imageId> 
<monitoringEnabled>false</monitoringEnabled> 
</Ec2AssetSourceSimple> 
</list> 
«/sourceInfo» 
</Asset> 
</data> 
</ServiceResponse> 


Sample - Get information for assets in your Azure Cloud 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/hostasset/13511567" 


Response 
<?xml version="1.0" encoding-" UTF-8"?» 
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<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Asset> 
<id>13511567</id> 
«name»VJ -WIndows</name> 
«created»2019-11-27T06:07:16Z«/created» 
«modified»2020-01-07T06:21:29Z«/modified» 
<type>HOST</type> 
<tags> 
classe 

<TagSimple> 
<id>107258219</id> 
<name>Azure</name> 

</TagSimple> 

«busto 
«/tags» 
«sourceInfo» 

«list» 

«AzureAssetSourceSimple» 
«assetId»13511567«/assetId» 
<type>AZURE</type> 
<firstDiscovered>2019-11- 

27T06:07:20Z«/firstDiscovered» 
«lastUpdated»2020-01- 
07T06:21:29Z«/1astUpdated» 
<azureVmTags> 
<tags> 
EDS 
<AzureTags> 
<key>Owner</key> 
<value>John Doe</value> 
</AzureTags> 
<AzureTags> 
<key>Department</key> 
<value>Engineering</value> 
</AzureTags> 
</list> 
</tags> 
</azureVmTags> 
<name>VJ -WIndows</name> 


62 


Qualys Asset Management & Tagging API 
Host Assets 


<location>centralindia</location> 
<vmSize>Standard_A3</vmSize> 
<vmId>b3fdb9ed-2564-4eaa-9e1b- 
7aeb6c196c92«/vmId» 
«offer»Windows-10«/offer» 
«state»RUNNING«/state» 
«state»SUCCEEDED«/ state» 
«publisher»MicrosoftWindowsDesktop«/publisher» 
<version>latest</version> 
<osType>Windows</osType> 
<subnet>default</subnet> 
<subscriptionId>XXXXXXXX - XXXX - XXXX - XXXX - 
XXXXXXXXXXXX« / subscriptionId» 
«resourceGroupName»DefaultResourceGroup- 
CIN</resourceGroupName> 
«macAddress»00-0D-3A-F0-98-3F«/macAddress» 
<publicIpAddress>52.172.151.254</publicIpAddre 
ss» 
<privateIpAddress>10.0.0.5</privateIpAddress> 
<virtualNetwork>CV-VirtualMachines-RG- 
vnet</virtualNetwork> 
</AzureAssetSourceSimple> 
</list> 
«/sourceInfo» 
</Asset> 
</data> 
</ServiceResponse> 


Sample - Get information for assets in your GCP Cloud 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/hostasset/13511567" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<data> 
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<Asset> 
<id>13569298</id> 
<name>gcp-1-quays-aw8 0«/name» 
«created»2019-12-02T09:32:45Z«/created» 
«modified»2020-01-02T07:03:03Z«/modified» 
«type»HOST«/type» 
«tags» 
<list> 
<TagSimple> 
<id>106777848</id> 
<name>Cloud Agent</name> 
</TagSimple> 
<TagSimple> 
<id>107007013</id> 
<name>gcp</name> 
</TagSimple> 
cds 
</tags> 
<sourceInfo> 
<list> 
<GcpAssetSourceSimple> 
<assetId>13569298</assetId> 
<type>GCP</type> 
<firstDiscovered>2019-12- 


02T09:32:46Z«/firstDiscovered» 


«lastUpdated»2019-12- 


02T09:32:46Z«/1lastUpdated» 


«instanceld»2152878541443265280«/instanceId» 
«hostname»gcp-1-quays-aw8.c.qvsa- 


dev.internal«/hostname» 


«machineType»ni-standard-1«/machineType» 
«imageId»projects/centoscloud/global/images/ce 


ntos-6-v20191014«/imageId» 


SS» 


«zone»us-centrali1-a«/zone» 
<projectIdNo>1035365309337</projectIdNo> 
<state>RUNNING</State> 
<projectId>test_account</projectId> 
<network>default</network> 
«macAddress»42:01:0a:f0:00:a4«/macAddress» 
<publicIpAddress>34.67.172.38</publicIpAddress 


«privatelpAddress»10.240.0.164«/privateIpAddre 


«/GcpAssetSourceSimple» 
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<AssetSource/> 
</list> 
«/sourceInfo» 
</Asset> 
</data> 


Sample - Get host asset API returns criticality score for a host asset 


API request 


curl -n -u "USERNAME:PASSWORD" -H “content-type: text/xml"-X "GET" -- 
"https://qualysapi.qualys.com/rest/2.0/get/am/hostasset/3052446" 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/rest/2 
.0/search/am/hostasset"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<HostAsset> 
<id>3052446</id> 
<name>hkencrtest</name> 
«created»2020-02-06T09:29:23Z«/created» 
«modified»2020-10-27T11:56:50Z«/modified» 


<type>HOST</type> 
<tags> 

ca </sourceInfo> 
<criticalityScore>2</criticalityScore> 
«os»Linux«/os» 


«dnsHostName»hkencrtest«/dnsHostName» 
«address»13.71.5.220«/address» 
«trackingMethod»VIRTUAL MACHINE ID«/trackingMethod» 
«networkInterface» 


«/networkInterface» 
<isDockerHost>false</isDockerHost> 
</HostAsset> 
</data> 
</ServiceResponse> 
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XSD 


<platform API server>/qps/xsd/2.0/am/hostasset.xsd 
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Create Host Asset 
/aps/rest/2.0/create/am/hostasset 


[POST] 


Create one or more host assets using writable fields and collections. It is a 
good idea to attach tags that will make new assets visible to the current user 
if that user does not have permission to see all assets. Otherwise users will not 
be able to see or modify the new assets until an administrator or process 
attaches the appropriate tags to them. 


What's next? After you've created host assets you need to activate them to 
make them available for scanning and reporting. Learn more on Activating 
Host Assets 


Permissions required - Managers with full scope. Other users must have these 
permissions: Access Permission “API Access” and Asset Management 
Permission “Create Asset”. 


We have restricted our asset create requests to static tags and have excluded 
dynamic tags. With this release, we will decline a request if the request 
contains TagSimple list having a dynamic tag for add/remove/set operation. 
The request is processed if it contains only static tags. 


In case of the set operation, if the request includes static tags, then the 
existing static tags are removed and new static tags (specified in the request) 
are applied on that particular asset. All the existing system or dynamic tags 
are retained as is. You cannot add or remove dynamic tags manually. 


Sample - Create new host asset with tags 


API request 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/am/hostasset" < 
file.xml 

Note: “file.xml” contains the request POST data. 
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Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<HostAsset> 
<name>My Windows Asset</name> 
<os>Windows 7</os> 
<dnsHostName>localhost</dnsHostName> 
<netbiosName>TEST</netbiosName> 
<netbiosNetworkId>10</netbiosNetworkId> 
<networkGuid>66bf43c8-7392-4257-b856-a320fde231eb</networkGuid> 
<address>127.0.0.1</address> 
<trackingMethod>IP</trackingMethod> 
<tags> 
<set> 
<TagSimple><id>12345</id></TagSimple> 
<TagSimple><id>54321</id></TagSimple> 
</set> 
</tags> 
<software> 
<set> 
<HostAssetSoftware> 
<name>Photoshop</name> 
<version>9</version> 
</HostAssetSoftware> 
</set> 
</software> 
</HostAsset> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<HostAsset> 
<id>2020094</id> 
<name>My Windows Asset</name> 
«created»2018-09-06T19:16:35Z«/created» 
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«modified»2018-09-06T19:16:35Z«/modified» 
<type>HOST</type> 
<tags> 
«dust 
«TagSimple» 
«10512345«/ 1d» 
«name»Tag 1«/name» 
«/TagSimple» 
«TagSimple» 
«105543214710» 
«name»Tag 2«/name» 
«/TagSimple» 
efTet 
</tags> 
<sourceInfo> 
elize 
</sourceInfo> 
<os>Windows 7</os> 
<dnsHostName>localhost</dnsHostName> 
<netbiosName>TEST</netbiosName> 
<netbiosNetworkId>10</netbiosNetworkId> 
<networkGuid>66bf43c8-7392-4257-b856-a320fde231eb</networkGuid> 
<address>127.0.0.1</address> 
<trackingMethod>IP</trackingMethod> 
<openPort> 
«Ist» 
</openPort> 
<software> 
edited 
</software> 
<vuln> 
«lop 
«/vuln» 
</HostAsset> 
</data> 
</ServiceResponse> 


Sample - Bulk creation of assets 


API request 


curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
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"https://qualysapi.qualys.com/qps/rest/2.0/create/am/hostasset" < 
file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<HostAsset> 
<name>My Windows Asset</name> 
<os>Windows 8</os> 
<dnsHostName>localhost13</dnsHostName> 
<netbiosName>TEST</netbiosName> 
<netbiosNetworkId>10</netbiosNetworkId> 
<networkGuid>66bf43c8-7392-4257-b856- 
a320fde231eb</networkGuid> 
<address>13.0.0.1</address> 
<trackingMethod>IP</trackingMethod> 
<software> 
<set> 
<HostAssetSoftware> 
«name»Photoshop«/name» 
«version»9«/version» 
«/HostAssetSoftware» 
</set> 
</software> 
</HostAsset> 
<HostAsset> 
<name>My Windows Asset</name> 
<os>Windows 8</os> 
<dnsHostName>localhost14</dnsHostName> 
<netbiosName>TEST</netbiosName> 
<netbiosNetworkId>10</netbiosNetworkId> 
<networkGuid>66bf43c8-7392-4257-b856- 
a320fde231eb«/networkGuid» 
«address»14.0.0.1«/address» 
<trackingMethod>IP</trackingMethod> 
<software> 
<set> 
<HostAssetSoftware> 
«name»Photoshop«/name» 
«version»9«/version» 
«/HostAssetSoftware» 
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</set> 
</software> 
</HostAsset> 
</data> 
</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse 
xmlns:xsi="http://www.w3.org/2001/XMLSchema- instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>2</count> 
<data> 
<HostAsset> 
<id>2899060</id> 
<name>My Windows Asset</name> 
«created»2016-04-01T16:57:50Z«/created» 
«modified»2016-04-01T16:57:50Z«/modified» 
<type>HOST</type> 
<tags> 
«sts 
«/tags» 
«sourceInfo» 
ust 
«/sourceInfo» 
«os»Windows 8«/os» 
<dnsHostName>localhost13</dnsHostName> 
<netbiosName>TEST</netbiosName> 
<netbiosNetworkId>10</netbiosNetworkId> 
<networkGuid>66bf43c8-7392-4257-b856- 
a320fde231eb</networkGuid> 
<address>13.0.0.1</address> 
<trackingMethod>IP</trackingMethod> 
<openPort> 
cnt 
</openPort> 
<software> 
<list> 
<HostAssetSoftware> 
«name»Photoshop«/name» 
«version»9«/version» 
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</HostAssetSoftware> 
<list> 
</software> 
<vuln> 
erez 
</vuln> 
<processor> 
<list/> 
</processor> 
<volume> 
<list/> 
</volume> 
<account> 
est» 
</account> 
«networkInterface» 
«list» 

«HostAssetInterface» 
<hostname>localhost13</hostname> 
<type>LOCAL</type> 
«address»13.0.0.1«/address» 

«/HostAssetInterface» 

<list> 
</networkInterface> 

</HostAsset> 
<HostAsset> 

<id>2899061</id> 
<name>My Windows Asset</name> 
<created>2016-04-01T16:57:51Z</created> 
«modified»2016-04-01T16:57:51Z«/modified» 
<type>HOST</type> 
<tags> 

<list/> 
</tags> 
<sourceInfo> 

el EE 
«/sourceInfo» 
«os»Windows 8«/os» 
<dnsHostName>localhost14</dnsHostName> 
<netbiosName>TEST</netbiosName> 
<netbiosNetworkId>10</netbiosNetworkId> 
<networkGuid>66bf43c8-7392-4257-b856- 

a320fde231eb«/networkGuid» 

«address»14.0.0.1«/address» 
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<trackingMethod>IP</trackingMethod> 
<openPort> 
<list/> 
</openPort> 
<software> 
<list> 

<HostAssetSoftware> 
<name>Photoshop</name> 
<version>9</version> 

</HostAssetSoftware> 

<{.last> 
</software> 
<vuln> 
erst 
«/vuln» 
«processor» 
<list/> 
</processor> 
<volume> 
<iis Se 
</volume> 
<account> 
<list/ > 
</account> 
«networkInterface» 
«list» 

«HostAssetInterface» 
<hostname>localhost14</hostname> 
<type>LOCAL</type> 
«address»14.0.0.1«/address» 

«/HostAssetInterface» 

DHA 
</networkInterface> 


</HostAsset> 


</ServiceResponse> 


Sample - Create host asset with tags 


API request 


"USERNAME : PASSWORD" -H “content-type: text/xml" -X "POST" -- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/am/hostasset"« 
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Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<HostAsset> 
<name>Windows 95</name> 
<tags> 
<add> 
<TagSimple><id>11175413</id></TagSimple> 
</add> 
</tags> 
<os>Windows 7</os> 
<dnsHostName>localhost</dnsHostName> 
<netbiosName>TEST</netbiosName> 
<netbiosNetworkId>10</netbiosNetworkId> 
«networkGuid»66bf43c8-7392-4257-b856- 
a320fde231eb«/networkGuid» 
«address»255.255.255.0«/address» 
<trackingMethod>IP</trackingMethod> 
<software> 
<set> 
<HostAssetSoftware> 
«name»Photoshop«/name» 
«version»9«/version» 
«/HostAssetSoftware» 
</set> 
</software> 
</HostAsset> 
</data> 
</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema- 
instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/a 
m/hostasset.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<data> 

<HostAsset> 
<id>7992387</id> 
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<name>Windows 95</name> 
<created>2021-03-08T13:00:29Z</created> 
«modified»2021-03-08T13:00:29Z«/modified» 
«type»HOST«/type» 
«tags» 
«list» 
«TagSimple» 
«1d511175413«7/ 31d» 
«name»Static«/name» 
«/TagSimple» 
</ list> 
</tags> 
<os>Windows 7</os> 
<dnsHostName>localhost13</dnsHostName> 
<netbiosName>TEST</netbiosName> 
<netbiosNetworkId>10</netbiosNetworkId> 
<networkGuid>66bf43c8-7392-4257-b856- 
a320fde231eb</networkGuid> 
<address>255.255.255.0</address> 
<trackingMethod>IP</trackingMethod> 
<software> 
cms 
«HostAssetSoftware» 
«name»Photoshop«/name» 
«version»9«/version» 
«/HostAssetSoftware» 
</list> 
</software> 
«networkInterface» 
<list> 
«HostAssetInterface» 
<hostname>localhost13</hostname> 
<type>LOCAL</type> 
<address>255.255.255.0</address> 
</HostAssetInterface> 
</ List> 
</networkInterface> 
</HostAsset> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/hostasset.xsd 
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Update Host Asset 


/aps/rest/2.0/update/am/hostasset/<id> 
/aps/rest/2.0/update/am/hostasset 


[POST] 


Update fields for a host asset and collections of host assets. 


Using the NOT EQUALS operator for updating host assets could result in 
accidental update of unknown hosts assets without any warning. To prevent 
accidental updates of unknown host assets, we do not support NOT EQUALS 
operator for update actions. 


Permissions required - Managers with full scope, other users must have the 
requested assets in their scope and these permissions: Access Permission 
“API Access” and Asset Management Permission “Update Asset”. 


We have restricted our asset update requests to static tags and have 
excluded dynamic tags. With this release, we will decline a request if the 
request contains TagSimple list having a dynamic tag for add/remove/set 
operation. The request is processed if it contains only static tags. 


In case of the set operation, if the request includes static tags, then the 
existing static tags are removed and new static tags (specified in the request) 
are applied on that particular asset. All the existing system or dynamic tags 
are retained as is. You cannot add or remove dynamic tags manually. 


Sample - Update some fields for host asset ID 


API request 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/update/am/hostasset/12345" 
< file.xml 

Note: “file.xml” contains the request POST data. 
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Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<Asset><data> 
<HostAsset> 
<name>Updated Name</name> 
«os»WINDOWS 95</os> 
<dnsHostName>win95.old.corp.net</dnsHostName> 
</HostAsset> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xSi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<HostAsset> 
<id>2020094</id> 
<name>Updated Name</name> 
<os>WINDOWS 95</os> 
<dnsHostName>win95.old.corp.net</dnsHostName> 
«created»2018-09-06T19:16:35Z«/created» 
«modified»2018-09-06T19:16:35Z«/modified» 
<type>HOST</type> 
<tags> 
LUISE > 
</tags> 
<sourceInfo> 
<list/> 
</sourceInfo> 
<netbiosName>TEST</netbiosName> 
<netbiosNetworkId>10</netbiosNetworkId> 
<networkGuid>66bf43c8-7392-4257-b856-a320fde231eb</networkGuid> 
«address»127.0.0.1«/address» 
<trackingMethod>IP</trackingMethod> 
<openPort> 
«Ixst/» 
</openPort> 
<software> 
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zb Ee 
</software> 
<vuln> 
«dust 
«/vuln» 
</HostAsset> 
</data> 
</ServiceResponse> 


Sample - Update some fields for host assets that have names 
containing the word OLD 


API request 


curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 

"https: //qualysapi.qualys.com/qps/rest/2.0/update/am/hostasset" < 
file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding-"UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">OLD</Criteria> 
</filters> 
<data> 
<HostAsset> 
<tags> 
<add> 
<TagSimple><id>12345</id></TagSimple> 
</add> 
<remove> 
<TagSimple><id>54321</id><TagSimple> 
</remove> 
</tags> 
<software> 
<set> 
<HostAssetSoftware> 
«name»Windows«/name» 
«version»95«/name» 
«/HostAssetSoftware» 
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</set> 
</software> 
<openPort> 
<add> 
<HostAssetOpenPort> 
«port»8080«/port» 
<protocol>TCP</protocol> 
</HostAssetOpenPort> 
</add> 
</openPort> 
</HostAsset> 
</data> 
</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<HostAsset> 
<id>2020094</id> 
<name>Updated Name</name> 
«os»WINDOWS 95</os> 
<dnsHostName>win95.old.corp.net</dnsHostName> 
«created»2014-02-06T19:16:35Z«/created» 
«modified»2014-02-06T19:16:35Z«/modified» 
«type»HOST«/type» 
«tags» 
«liste 
<TagSimple> 
<id>12345</id> 
<name>Simple Tag 1</name> 
</TagSimple> 
<j List> 
</tags> 
«sourceInfo» 
<list/> 
</sourceInfo> 
<netbiosName>TEST</netbiosName> 
<netbiosNetworkId>10</netbiosNetworkId> 
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<networkGuid>66bf43c8-7392-4257-b856-a320fde231eb</networkGuid> 
<address>127.0.0.1</address> 
<trackingMethod>IP</trackingMethod> 
<openPort> 
a EE dE 
<HostAssetOpenPort> 
«port»8080«/port» 
<protocol>TCP</protocol> 
</HostAssetOpenPort> 
</list> 
</openPort> 
<software> 
SS 
<HostAssetSoftware> 
«name»Windows«/name» 
<version>95</version> 
</HostAssetSoftware> 
</last> 
</software> 
<vuln> 
gd 
</vuln> 
</HostAsset> 
</data> 
</ServiceResponse> 


Sample - Request to add tags to a host asset 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" -- 
"https: //qualysapi.qualys.com/qps/rest/2.@/update/am/hostasset/3458268 
Meg 

file.xml 


Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 

<data> 

<HostAsset> 

<tags><add> 
<TagSimple><id>11307825</id></TagSimple> 
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</add> 

</tags> 
</HostAsset> 
</data> 
</ServiceRequest> 


Response 


<?xml versionz"1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/a 
m/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<HostAsset> 
<id>3458268</id> 
</HostAsset> 
</data> 
</ServiceResponse> 


XSD 
<platform API server>/qps/xsd/2.0/am/hostasset.xsd 
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Search Host Assets 

/aps/rest/2.0/search/am/hostasset 

[POST] 

Returns a list of host assets matching the provided criteria. Assets are 
returned when they are visible to the user (i.e. in the user’s scope). 


Pagination - A maximum of 100 host assets are returned by default. To 
customize this specify a “preferences” tag in the POST body of your request. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for each host asset. Learn more about limiting your 
results 


Permissions required - Managers with full scope, other users must have these 
permissions: Access Permission “API Access” and Asset Management 
Permission “Read Asset” 


Searchable fields 


Click here for available operators 


Parameter Description 
qwebHostld (integer) 
lastVulnScan (date) 
lastComplianceScan (date) 


informationGatheredUpdated (date) 


OS (text) 
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dnsHostName 
address 
vulnsUpdated 

id 

name 

created 

type 

netbiosName 
netbiosNetworklD 
networdGuid 


trackingMethod 


port 
installedSoftware 
tagName 

tagld 


updated 


Assets with cloud agents 


activationKey 
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(text) 
(text) 
(date) 
(integer) 
(text) 
(date) 
(text) 
(string) 
(text) 
(text) 


(keyword) NONE, IP, DNSNAME, NETBIOS, 
INSTANCE ID, QAGENT, GCP INSTANCE ID 
Conly for GCP Instances) 


(integer) 
(text) 
(text) 
(integer) 


(date) Modified date in output. 


(string) Allowed operator: EQUALS 
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agentConfigurationName 


agentConfigurationld 


agentVersion 


lastCheckedIn 


cloudProviderType 


EC2 assets 


region 


vpcld 
imageld 
instanceld 
accountld 


instanceState 


subnetld 


privateDnsName 


awsTagKey 
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(string) Allowed operators: EQUALS, 
CONTAINS 


(long) Allowed operator: EQUALS 


(string) Allowed operators: EQUALS, LESSER, 
GREATER 


(date) Allowed operators: EQUALS, LESSER, 
GREATER 


(text) AWS, AZURE, IBM, OCI, GCP 


(text) Specify the region code for the AWS 
region. 


For example, ap-northeast-1, us-east-2, eu- 
west-3, etc. 


(text) The ID of your Amazon VPC. 

(text) ID of the Amazon Machine Image (AMI). 
(text) EC2 Instance ID. 

(text) Amazon account ID. 


(text) EC2 Instance state. For example, 
PENDING, RUNNING, TERMINATED, 
STOPPED, etc. 


(text) ID of the subnet where your instance is 
located (when Amazon VPC is used). 


(text) The private DNS name of the instance. 
(text) EC2 instance tags. For example, Owner, 
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Department, Email, Lifecycle, Name, etc. 
awsTagValue (text) Values for the AWS Tag keys. 


For EC2 assets, apart from instanceState, awsTagKey, and awsTagValue, all 
other parameters are case sensitive. All EC2 parameters support text input 
with EQUALS operator. Additionally, the instanceState parameter supports 
EQUALS, NOT EQUALS. The awsTagKey and awsTagValue parameters 
support EQUALS, CONTAINS. 


Azure Assets 
vmld (text) The ID of your VM instance. 


subscriptionld (text) Your unique Microsoft Azure 
subscription ID. 


location (text) Specify the location code for the Azure 
region. 


For example, centralindia, westus2. 


state VM (keyword) The Instance state. You can specify 
one of the following states:STARTING, 
RUNNING, STOPPING, STOPPED, 
DEALEOCATED, DEALLOGCATING, DELETED: 


subnet (text) ID of the subnet where your VM 
instance is located (when Azure VPC is used). 


resourceGroup (text) Type of the resource group to which 
the VM instance belongs. 


resourceGroupName (text) Name of the resource group type to 
which the VM instance belongs. 


privatelpAddress (text) The private IP address of the VM 
instance. 
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publicloAddress 


azureTagKey 


azureTagValue 
imageOffer 
imageVersion 
IBM 

ibmld 
ibmTagKey 
ibmTagValue 


datacenterld 


ibmLocation 
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(text) The public IP address of the VM 
instance. 


(text) VM instance tags. For example, Owner, 
Department, Email, Lifecycle, Name, etc. 


(text) Values for the VM instance tag keys. 
(text) Image offer of the VM instance. 


(text) Image version of the VM instance. 


(value) The ID of your IBM resource. 
(value) Tag key of the IBM resource. 
(value) Value of the IBM resource tag. 


(value) ID of the datacenter in which the IBM 
resource if located. 


(value) Name of datacenter in which the IBM 
resource if located. 


Oracle Cloud Compute instances (OCI) 


ocild 
compartmentld 
hostName 


ociTagKey 


ociTagValue 


(string) The ID of your OCI. 
(string) The compartment ID of your OCI. 
(string) OCI asset host name. 


(string) OCI tags in lowercase. For example, 
owner, department, email, lifecycle, name, etc. 


(string) Values for the OCI tag keys. 
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id (string) OCI asset ID. 
ociRegion (text) Specify the region code for the OCI 
region. 


Note: For Oracle Cloud Compute instances, ociTagKey, and ociTagValue, all 
other parameters are case sensitive. All parameters support text input with 
EQUALS operator. The ociTagKey and ociTagValue parameters support 
EQUALS, CONTAINS. 


Sample - Search host assets 


Find host assets with a Windows operating system that are tracked by 
Instance ID 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset" < 
file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
«Criteria field-"os" operator="EQUALS">Windows</Criteria> 
«Criteria field-"trackingMethod" 
operator-"EQUALS"»INSTANCE ID«/Criteria» 
«/filters» 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<hasMoreRecords>true</hasMoreRecords> 
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<lastId>5693290</lastId> 
<data> 
<HostAsset> 
<id>2020094</id> 
<name>Updated Name</name> 
<os>Windows</os> 
<dnsHostName>win95.old.corp.net</dnsHostName> 
<created>2018-09-06T19:16:35Z</created> 
<modified>2018-09-06T19:16:35Z</modified> 
<type>HOST</type> 
<tags> 
eTisto/» 
</tags> 
<sourceInfo> 
«qst» 
«/sourceInfo» 
«netbiosName»TEST«/netbiosName» 
«netbiosNetworkId»10«/netbiosNetworkId» 
«networkGuid»66bf43c8-7392-4257-b856- 
a320fde231eb«/networkGuid» 
«address»127.0.0.1«/address» 
«trackingMethod»INSTANCE ID«/trackingMethod» 
<openPort> 
ezz 
</openPort> 
<software> 
ede 
</software> 
<vuln> 
<list/> 
</vuln> 
</HostAsset> 
</data> 
</ServiceResponse> 


Sample - Find cloud agents with a specific agent version 


API request 


curl -u fo_username:password -X POST -H "X-Requested-With: curl" -H 
"Content-Type: text/xml" -H "Cache-Control: no-cache" --data-binary 
@host_asset_search. xml 

"http: //qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset/" 
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Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="agentVersion" 
operator="EQUALS">1.4.5.168</Criteria> 
<Criteria field="tagName" operator="EQUALS">Cloud 
Agent</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/2.0 
/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>6</count> 
<hasMoreRecords>false</hasMoreRecords> 
<lastId>5693290</lastId> 
<data> 
<HostAsset> 
<id>3043442</id> 
«name»102115-M83«/name» 
«created»2016-11-04T11:43:40Z«/created» 
«modified»2016-11-08T22:35:53Z«/modified» 
<type>HOST</type> 
<tags> 
<list> 
<TagSimple> 
<id>8832525</id> 
<name>Cloud Agent</name> 
</TagSimple> 
</list> 
</tags> 
«sourceInfo» 
<list> 
<AssetSource/> 
</list> 
</sourceInfo> 
<qwebHostId>12688456922</qwebHostId> 
<dnsHostName>102115-M83</dnsHostName> 
<agentInfo> 
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<agentVersion>1.4.5.168</agentVersion> 
<agentId>2e689bb2-53ab-4a58-be0a- 
a7576964f310«/agentId» 
«status»STATUS INACTIVE«/status» 
«lastCheckedIn»2016-10-21T19:03:30Z2«/1astCheckedIn» 
«connectedFrom»10.100.11.163«/connectedFrom» 
<chirpStatus>Manifest Downloaded«/chirpStatus» 
<platform>Windows</platform> 
<agentConfiguration> 
«id»8099«/id» 
«name»Initial Profile - SSN3«/name» 
</agentConfiguration> 
«activationKey» 
«activationId»3ae32b8d-a8cf-4c0e-a477- 
86fad2dda4f4</activationId> 
<title>harshal</title> 
</activationKey> 
«/agentInfo» 
«netbiosName»102115-M83«/netbiosName» 
«address»10.100.11.163«/address» 
<trackingMethod>QAGENT</trackingMethod> 
<openPort> 
«Tist/» 
</openPort> 
<software> 
«Ist 
«/software» 
<vuln> 
SE 
</vuln> 
<processor> 
<li> 
</processor> 
<volume> 
est 
«/volume» 
«account» 
GORE Ea 
</account> 
«networkInterface» 
<list> 
</networkInterface> 
</HostAsset> 
</data> 
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</ServiceResponse> 


Sample - Find host assets with specific ID containing docker 
information 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 

"https: //qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset" < 
file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?> 

<ServiceRequest> 

<filters> 

<Criteria field="id" operator="EQUALS">7727721</Criteria> 
</filters> 

</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation= 
"https://qualysapi.qualys.com/qps/xsd/2.0/am/hostasset.xsd"» 
«responseCode»SUCCESS«/responseCode» 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<lastId>5693290</lastId> 
<data> 
<HostAsset> 
<id>7727721</id> 
<name>10.113.198.121</name> 
<created>2018-06-15T11:51:26Z</created> 
<modified>2018-06-15T11:51:26Z</modified> 
<type>HOST</type> 
<tags> 
ea Ez E 
<TagSimple> 
<id>8910214</id> 
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«name»SSD27701«/name» 
«/TagSimple» 
«TagSimple» 
<1d>9252992</ 1d> 
«name»All datai«/name» 
«/TagSimple» 
</list> 
</tags> 
<qwebHostId>707520</qwebHostId> 
<lastVulnScan>2018-06-15T11:48:58Z</lastVulnScan> 
<os>CentOS Linux 7.2.1511</os> 
<address>10.113.198.121</address> 
<trackingMethod>IP</trackingMethod> 


<openPort> 
«qst» 
<HostAssetOpenPort> 
«port»8080«/port» 
<protocol>TCP</protocol> 
<serviceId>1180</serviceId> 
<serviceName>HyperText Transport 
Protocol</serviceName> 
</HostAssetOpenPort> 
<j isi 
</openPort> 
<vuln> 
<list> 
<HostAssetVuln> 
<qid>6</qid> 
<hostInstanceVulnId>151189838</hostInstanceVul 
nId> 
<firstFound>2018-06-15T11:48:58Z</firstFound> 
<lastFound>2018-06-15T11:48:58Z</lastFound> 
</HostAssetVuln> 
<HostAssetVuln> 
<qid>45038</qid> 
<hostInstanceVulnId>151189845</hostInstanceVul 
nId> 
<firstFound>2018-06-15T11:48:58Z</firstFound> 
<lastFound>2018-06-15T11:48:58Z</lastFound> 
</HostAssetVuln> 
Se 
</vuln> 
<networkInterface> 
«usb 


92 


Qualys Asset Management & Tagging API 
Host Assets 


«HostAssetInterface» 
«type»LOCAL«/type» 
<address>10.113.198.121</address> 

</HostAssetInterface> 

</list> 
</networkInterface> 
<isDockerHost>true</isDockerHost> 
<dockerInfo> 
<dockerVersion>18.06.0-ce-rc1</dockerVersion> 
<noOfContainers>1</noOfContainers> 
<noOf Images >2</noOfImages> 
«/dockerInfo» 
</HostAsset> 
</data> 
</ServiceResponse> 


Sample - Find host assets with specific ID containing split manifest 
version information for VM, PC, or SCA 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 

"https: //qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset" < 
file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?> 

<ServiceRequest> 

<filters> 

<Criteria field="id" operator="EQUALS">7866685</Criteria> 
</filters> 

</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 

<responseCode>SUCCESS</responseCode> 
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<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<lastId>5693290</lastId> 
<data> 
<HostAsset> 
<id>7866685</id> 
<name>ip-172-31-3-82.ap-south-1.compute. internal</name> 
<created>2018-08-01T09:34:44Z</created> 
«modified»2018-08-10T08:39:49Z«/modified» 
«type»HOST«/type» 
«tags» 
e EE 
<TagSimple> 
<id>10125654</id> 
<name>Cloud Agent</name> 
</TagSimple> 
</list> 
</tags> 
<sourceInfo> 
<list> 
<AssetSource/> 
<Ec2AssetSourceSimple> 
<assetId>7866685</assetId> 
<type>EC_2</type> 
<firstDiscovered>2018-08- 
01T09:34:45Z«/firstDiscovered» 
«lastUpdated»2018-08- 
01T09:34:45Z«/1astUpdated» 
«reservationId»r- 
0cd44450f874d4a08</reservationId> 
<availabilityZone>ap-south- 
1b</availabilityZone> 
<privateDnsName>ip-172-31-3-82.ap-south- 
1.compute.internal«/privateDnsName» 
«publicDnsName»ec2-13-232-170-59.ap-south- 
1.compute.amazonaws.com«/publicDnsName» 
«localHostname»ip-172-31-3-82.ap-south- 
1.compute.internal«/localHostname» 
«instanceId»i-0ce729520a8a7d696«/instanceId» 
«instanceType»t2.micro«/instanceType» 
<instanceState>RUNNING</instanceState> 
«groupId»sg-608b270a«/groupId» 
<groupName>launch-wizard-4</groupName> 
<spotInstance>false</spotInstance> 


94 


Qualys Asset Management & Tagging API 
Host Assets 


<accountId>383031258652</accountId> 
<subnetId>subnet-5a@d6a17</subnetId> 
<vpcId>vpc-39ccea50</vpcId> 
<region>ap-south-1</region> 
<zone>VPC</zone> 
«imageId»ami-5b673c34«/imageId» 
<publicIpAddress>13.232.170.59</publicIpAddres 
s» 
<privateIpAddress>172.31.3.82</privateIpAddres 
s» 
«macAddress»0a:da:e8:58:09:fe«/macAddress» 
«monitoringEnabled»false«/monitoringEnabled» 
«/Ec2AssetSourceSimple» 
</list> 
</sourceInfo> 
<qwebHostId>753424</qwebHostId> 
<lastComplianceScan>2018-08- 
10T00:25:12Z«/1lastComplianceScan» 
<lastVulnScan>2018-08-10T04:55:06Z</lastVulnScan> 
«lastSystemBoot»2018-08-01T09:23:42Z«/lastSystemBoot» 
«lastLoggedOnUser»ec2-user«/lastLoggedOnUser» 
«os»Red Hat Enterprise Linux Server 7.5</os> 
«dnsHostName»ip-172-31-3-82.ap-south- 
1.compute.internal«/dnsHostName» 
«agentInfo» 
<agentVersion>1.7.1.38</agentVersion> 
<agentId>66fb864e-9609-4324-8eec- 
48ab6cb7f260«/agentId» 
«status»STATUS ACTIVE«/status» 
<lastCheckedIn>2018-08-10T08:39:427</lastCheckedIn> 
<connectedFrom>13.232.170.59</connectedFrom> 
<location>Mumbai, Maharashtra India</location> 
<locationGeoLatitude>18.975</locationGeoLatitude> 
<locationGeoLongtitude>72.8258</locationGeoLongtitude> 
<chirpStatus>Inventory Scan Complete</chirpStatus> 
<platform>Linux</platform> 
<activatedModule>AGENT_VM</activatedModule> 
<manifestVersion> 
<vm>VULNSIGS-VM-0.12.1.0-17</vm> 
«pc»VULNSIGS-PC-0.17.0.0-27«/pc» 
«/manifestVersion» 
«agentConfiguration» 
«id»514001«/id» 
«name»My Default«/name» 


95 


Qualys Asset Management & Tagging API 
Host Assets 


</agentConfiguration> 
«activationKey» 
«activationId»f9391862-de71-4106-9478- 
ca14042980dd« /activationId» 
«title»AWS«/title» 
«/activationKey» 
«/agentInfo» 
«networkGuid»6b48277c-0742-61c1-82bb- 
cacef9c4094a« /networkGuid» 
«address»13.232.170.59«/address» 
<trackingMethod>QAGENT</trackingMethod> 
<totalMemory>990</totalMemory> 
<timezone>UTC</timezone> 
<openPort> 
ORE 
<HostAssetOpenPort> 
<port>323</port> 
<protocol>UDP</protocol> 
</HostAssetOpenPort> 


edik 
</openPort> 
<software> 
click 
<HostAssetSoftware> 
<name>GeoIP</name> 
<version>1.5.0-11.el7</version> 
</HostAssetSoftware> 
<HostAssetSoftware> 
<name>NetworkManager</name> 
«version»1.10.2-13.e17«/version» 
«/HostAssetSoftware» 


A tsits» 
«/software» 
<vuln> 
ebi 
<HostAssetVuln> 
<qid>370198</qid> 
<hostInstanceVulnId>157377851</hostInstanceVul 
nId> 
<firstFound>2018-08-06T10:08:37Z</firstFound> 
<lastFound>2018-08-10T04:55:06Z</lastFound> 
</HostAssetVuln> 
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<HostAssetVuln> 
<qid>370472</qid> 
<hostInstanceVulnId>157377852</hostInstanceVul 
nId> 
<firstFound>2018-08-06T10:08:37Z</firstFound> 
<lastFound>2018-08-10T04:55:06Z</lastFound> 
</HostAssetVuln> 


«lito 
</vuln> 
<processor> 
<list> 
<HostAssetProcessor> 
<name>Intel(R) Xeon(R)</name> 
<speed>2400</speed> 
</HostAssetProcessor> 
erst 
</processor> 
<volume> 
<list> 
<HostAssetVolume> 
<name>/</name> 
<size>10724814848</size> 
<free>9259859968</free> 
</HostAssetVolume> 


</list> 
</volume> 
<account> 
<list> 
<HostAssetAccount> 
<username>root</username> 
</HostAssetAccount> 
<HostAssetAccount> 
<username>ec2-user</username> 
</HostAssetAccount> 
«Aust» 
</account> 
«networkInterface» 
<list> 
<HostAssetInterface> 
<interfaceName>eth@</interfaceName> 
<macAddress>@a:da:e8:58:09:fe</macAddress> 
<type>LOCAL</type> 
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<address>fe80:0:0:0:8da:e8ff:fe58:9fe</address 


> 
<gatewayAddress>172.31.0.1</gatewayAddress> 
</HostAssetInterface> 
<il 
</networkInterface> 
</HostAsset> 
</data> 
</ServiceResponse> 


Sample - Search host assets using EC2 attributes 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" 
--data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset" « 
file.xml 

Note: "file.xml" contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding-" UTF-8"?» 
<ServiceRequest> 
<filters> 
<Criteria field="region" operator="EQUALS">ap-northeast- 
1</Criteria> 
«Criteria field="vpcId" operator="EQUALS">vpc-98a11ffd</Criteria> 
«Criteria field-"accountId" 
operator="EQUALS">205767712438</Criteria> 
<Criteria field="privateDnsName" operator="EQUALS">ip-172-30-1- 
Zil EISE 
northeast-1.compute.internal</Criteria> 
</filters> 
</ServiceRequest> 


XML output 


<?xml versionz"1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 

<responseCode>SUCCESS</responseCode> 
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<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<lastId>5693290</lastId> 
<data> 
<HostAsset> 
<id>1553126</1d> 
<name>ip-172-30-1-133</name> 
«created»2018-12-03T09:10:18Z«/created» 
«modified»2018-12-08T10:14:40Z«/modified» 
«type»HOST«/type» 
«tags» 
e EE 
<TagSimple> 
<id>7977614</id> 
<name>Cloud Agent</name> 
</TagSimple> 
</list> 
</tags> 
<sourceInfo> 
<list> 
<AssetSource/> 
<Ec2AssetSourceSimple> 
<assetId>1553126</assetId> 
<type>EC_2</type> 
<firstDiscovered>2018-12- 
03T09:10:18Z«/firstDiscovered» 
«lastUpdated»2018-12- 
03T09:10:18Z«/1lastUpdated» 
«reservationId»r- 
08a2a6ee33b3acd9f«/reservationId» 
«availabilityZone»ap-northeast- 
1b«/availabilityZone» 
«privateDnsName»ip-172-30-1-133.ap-northeast- 
1.compute.internal«/privateDnsName» 
«localHostname»ip-172-30-1-133.ap-northeast- 
1.compute.internal«/localHostname» 
«instanceId»i-07081d0a8ab051d80«/instanceId» 
<instanceType>t2.micro</instanceType> 
<instanceState>RUNNING</instanceState> 
«groupId»sg-9a08a0e3«/groupId» 
<groupName>launch-wizard-12</groupName> 
<accountId>205767712438</accountId> 
<subnetId>subnet-5c198e2b</subnetId> 
<vpcId>vpc-98a11ffd</vpcId> 
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«region»ap-northeast-1«/region» 
<zone>VPC</zone> 
<imageId>ami-92df37ed</imageId> 
<publicIpAddress>13.113.179.242</publicIpAddre 


«privatelpAddress»172.30.1.133«/privateIpAddre 


«macAddress»06:c2:ed:39:19:98«/macAddress» 
«/Ec2AssetSourceSimple» 
</list> 
</sourceInfo> 
«quebHostId»294355«/qwebHostId» 
<lastComplianceScan>2018-12- 


08T01:45:34Z</lastComplianceScan> 


<lastVulnScan>2018-12-08T07:14:58Z</lastVulnScan> 
«lastSystemBoot»2018-05-25T06:06:35Z«/lastSystemBoot» 
<lastLoggedOnUser>ec2-user</lastLoggedOnUser > 
<os>Amazon Linux 2018.03</os> 
«dnsHostName»ip-172-30-1-133«/dnsHostName» 
«agentInfo» 

«agentVersion»2.3.0.20«/agentVersion» 

<agentId>f6ela6be-a99a-4d79-a5b1- 


f339aeaf8095</agentId> 


e» 


«status»STATUS INACTIVE«/status» 
<lastCheckedIn>2018-12-08T07:15:20Z</lastCheckedIn> 
<connectedFrom>13.113.179.242</connectedFrom> 
<location>Tokyo, Tokyo Japan</location> 
<locationGeoLatitude>35.685</locationGeoLatitude> 
<locationGeoLongtitude>139.7514</locationGeoLongtitude 


<chirpStatus>Inventory Scan Complete</chirpStatus> 
<platform>Linux</platform> 
«activatedModule»AGENT VM,AGENT PC,FIM«/activatedModul 


<manifestVersion> 
<vm>VULNSIGS-VM-0.19.0.0-34</vm> 
«pc»VULNSIGS-PC-0.19.0.0-34«/pc» 
«/manifestVersion» 
<agentConfiguration> 
<id>166800</id> 
«name»27-March«/name» 
«/agentConfiguration» 
«activationKey» 
<activationId>8d988825-5685-4dcf-8d14- 
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Ofde25eab037«/activationId» 
«title»september-2018«/title» 
«/activationKey» 
«/agentInfo» 
«networkGuid»6b48277c-0742-61c1-82bb- 
cac0f9c4094a</networkGuid> 
<address>13.113.179.242</address> 
<trackingMethod>QAGENT</trackingMethod> 
<totalMemory>987</totalMemory> 
<timezone>UTC</timezone> 
<openPort> 
<list> 
<HostAssetOpenPort> 
<port>57091</port> 
<protocol>UDP</protocol> 
</HostAssetOpenPort> 


<{il'ast> 
</openPort> 
<software> 
«qst 
«HostAssetSoftware» 
«name»acl«/name» 
<version>2.2.49-6.11.amzn1</version> 
</HostAssetSoftware> 


</list> 
</software> 
<vuln> 
<list> 
<HostAssetVuln> 
<qid>38582</qid> 
<hostInstanceVulnId>88353071</hostInstanceVuln 
Id> 
<firstFound>2018-12-03T22:07:32Z</firstFound> 
<lastFound>2018-12-08T07:14:58Z</lastFound> 
</HostAssetVuln> 


Hber es: 
«/vuln» 
«processor» 
«list» 
<HostAssetProcessor> 
<name>Intel(R) Xeon(R)</name> 
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<speed>2400</speed> 
</HostAssetProcessor> 
gae 
</processor> 
<volume> 
<list> 
<HostAssetVolume> 
<name>/dev</name> 
<size>506937344</size> 
<free>506880000</free> 
</HostAssetVolume> 


eflet 
«/volume» 
«account» 
eziz 
<HostAssetAccount> 
<username>root</username> 
</HostAssetAccount> 
<HostAssetAccount> 
<username>ec2-user</username> 
</HostAssetAccount> 
<jlist> 
</account> 
<networkInterface> 
<list> 
«HostAssetInterface» 
«hostname»ip-172-30-1-133«/hostname» 
«interfaceName»ethO Link 
encap«/interfaceName» 
«macAddress»06:C2:ED:39:19:98«/macAddress» 
<type>LOCAL</type> 
<address>172.30.1.133</address> 
<gatewayAddress>172.30.1.1</gatewayAddress> 
</HostAssetInterface> 


</list> 
</networkInterface> 
<isDockerHost>false</isDockerHost> 
</HostAsset> 
</data> 
</ServiceResponse> 
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API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" 
--data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset" < 
file.xml 

Note: "file.xml" contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceRequest> 
<filters> 
<Criteria field="vmId" operator="EQUALS">399af5dc-c32a-4c40- 
95a5-c6ed0e786430</Criteria> 
«Criteria field-"subscriptionId" operator="EQUALS">XXXXXXXX- 
XXXX - XXXX - XXXX -00000000000€« / Criteria» 
«Criteria field-"state" operator="EQUALS">DELETED</Criteria> 
«/filters» 
«/ServiceRequest» 


XML output 
<?xml version="1.0" encoding-" UTF-8"?» 


<ServiceResponse xmlns:xsi-"http://www.w3.0rg/2001/XMLSchema- instance" 
xsi:noNamespaceSchemaLocation-"https://qualysapi.qualys.com/qps/xsd/2. 


0/am/hostasset.xsd"» 
«responseCode»SUCCESS«/responseCode» 
<count>9</count> 
<hasMoreRecords>false</hasMoreRecords> 
<lastId>5693290</lastId> 
<data> 
<HostAsset> 
<id>2584223</id> 
<name>user_john</name> 
<created>2019-03-04T13:12:30Z</created> 
«modified»2019-03-07T13:37:02Z«/modified» 
«type»HOST«/type» 
«tags» 
«list» 
«TagSimple» 
<1d>7517612</id> 
<name>Sample Tag</name> 
</TagSimple> 
</list> 
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</tags> 
«sourceInfo» 
ezz 
<AzureAssetSourceSimple> 
<assetId>2545223</assetId> 
<type>AZURE</type> 
«firstDiscovered»2019-03-04T13:13:59Z«/firstDiscovered» 
«lastUpdated»2019-05-09T08:51:37Z«/1lastUpdated» 
<azureVmTags> 
<tags> 
<list> 
<AzureTags> 
<key>Owner</key> 
<value>John</value> 
</AzureTags> 
</list> 
</tags> 
</azureVmTags> 
<name>sample_resource</name> 
<location>centralindia</location> 
<vmSize>Standard_B1s</vmSize> 
<vmId>399af5dc-c32a-4c40-95a5-c6ed0e786430</vmId> 
«offer»CentOS«/offer» 
<state>SUCCEEDED</state> 
<state>DELETED</state> 
<publisher>OpenLogic</publisher> 
<version>latest</version> 
<osType>Linux</osType> 
<subnet >default</subnet> 
<subscriptionId>XXXXXXXX - XXXX - XXXX - XXXX - 
XXXXXXXXXXXX« / subscriptionId» 
«resourceGroupName»sample resource group name«/resourceGroupN 
ame» 
«privatelpAddress»172.17.1.5«/privateIpAddress» 
«/AzureAssetSourceSimple» 
<{list> 
</sourceInfo> 
«quebHostId»41049«/qwebHostId» 
«fqdn»sample resource fqdn«/fqdn» 
«os»Linux«/os» 
«dnsHostName»sample resource dns«/dnsHostName» 
«trackingMethod»VIRTUAL MACHINE ID«/trackingMethod» 
«networkInterface» 
gusto 
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«HostAssetInterface» 
«type»PRIVATE«/type» 
<address>172.16.1.4</address> 

</HostAssetInterface> 

</list> 
</networkInterface> 
<isDockerHost>false</isDockerHost> 
</HostAsset> 


</data> 
</ServiceResponse> 


Sample - Search host asset API returns criticality score for a host 
asset 


API request 


curl -n -u "USERNAME:PASSWORD" -H “content-type: text/xml"-X "POST" -- 
"https://qualysapi.qualys.com/rest/2.0/search/am/hostasset" « file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding-" UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="name"> 
operator="EQUALS">hkencrtest</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/rest/2 
.0/search/am/hostasset"» 

«responseCode»SUCCESS«/responseCode» 

<count>1</count> 

<hasMoreRecords>false</hasMoreRecords> 
<data> 

<HostAsset> 

<id>3052446</id> 
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<name>hkencrtest</name> 
«created»2020-02-06T09:29:23Z«/created» 
«modified»2020-10-27T11:56:50Z«/modified» 
«type»HOST«/type» 
«tags» 
zb E 
<TagSimple> 
<id>13309029</id> 
<name>test-name-tagk8s</name> 
</TagSimple> 


<name>hkencrtest</name> 
<location>centralindia</location> 
<vmSize>Standard_B11s</vmSize> 
<vmId>bdb01734-17de-4a8b-a846-1fdc0c4ebd90</vmId> 
<offer>UbuntuServer</offer> 
<state>DELETED</State> 
<publisher>Canonical</publisher> 
<version>latest</version> 
<osType>Linux</osType> 
<subnet>default</subnet> 
«subscriptionId»9de9e0a7-4f67-4812-917d- 

2246853844e1</subscriptionId> 
<resourceGroupName>hktest10</resourceGroupName> 
<macAddress>00-0D-3A-3E-2A-EE</macAddress> 
<publicIpAddress>13.71.5.220</publicIpAddress> 
<privateIpAddress>172.16.0.4</privateIpAddress> 
</AzureAssetSourceSimple> 

Sidi 

</sourceInfo> 

<criticalityScore>2</criticalityScore> 

<fqdn>hkencrtest</fqdn> 


Sample - Searching IBM assets in your account 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" 
--data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset" < 
file.xml 

Note: "file.xml" contains the request POST data. 
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Request POST data 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceRequest> 
<filters> 
<Criteria field="ibmId" operator="EQUALS">64486457</Criteria> 
</filters> 
</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/2.0 
/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<HostAsset> 
<id>1940247</id> 
«name»COMW8X86- 34-160« /name> 
«created»2018-08-22T09:36:57Z«/created» 
<modified>2021-11-08T03:48:10Z</modified> 
<type>HOST</type> 
«sourceInfo» 
<Lise> 
<IBMAssetSourceSimple> 
<assetId>1940247</assetId> 
<type>IBM</type> 
<ibmId>64486457</ibmId> 
«location»wdc07«/location» 
«datacenterId»2017603«/datacenterId» 
<deviceName>&quot;sme-centos01.Qualys- 
Inc.cloud&quot;</deviceName> 
<publicVlan>1330,1234</publicVlan> 
<domain>Qualys-Inc.cloud</domain> 
«privateVlan»1473,1474,1500«/privateVlan» 
<publicIpAddress>10.10.10.111</publicIpAddress 


> 
«privatelpAddress»10.10.10.111«/privateIpAddre 
Ss» 
«/IBMAssetSourceSimple» 
<AssetSource/> 
</list> 
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</sourceInfo> 
<qwebHostId>27103</qwebHostId> 
<lastSystemBoot>2018-11-01T18:44:32Z</lastSystemBoot> 
<lastLoggedOnUser>root</lastLoggedOnuser> 
<domain>WORKGROUP</domain> 
<fqdn>sme-win@1.Qualys-Inc.cloud.WORKGROUP</fqdn> 
<os>CentOS Linux 7.5.1804</os> 
<dnsHostName>sme-win@1.Qualys-Inc.cloud</dnsHostName> 
<agentInfo> 
<agentVersion>2.1.0.494</agentVersion> 
<agentId>6710851f-1d18-4b2a-ac05- 
ea972e10ebb5</agentId> 
«status»STATUS ACTIVE«/status» 
<lastCheckedIn>2021-11-08T03:48:10Z</lastCheckedIn> 
«connectedFrom»10.10.10.111«/connectedFrom» 
«chirpStatus»Inventory Scan Complete</chirpStatus> 
<platform>Windows</platform> 
«activatedModule»AGENT PC«/activatedModule» 
<agentConfiguration> 
<id>10001</id> 
<name>Suspend SelfPatch</name> 
</agentConfiguration> 
«activationKey» 
«activationId»28cf22f0-89a4-459c-b9ae- 
bc661901c4ff</activationId> 
<title>Accuracy T34 PC Windows</title> 
</activationKey> 
«/agentInfo» 
«address»10.10.10.111«/address» 
<trackingMethod>QAGENT</trackingMethod> 
<manufacturer>Xen</manufacturer> 
<model>HVM domU</model> 
<totalMemory>986</totalMemory> 
<timezone>-05:00</timezone> 
<biosDescription>Xen 4.7.5-1.21 
08/13/2018</biosDescription> 
<openPort> 
<list> 
<HostAssetOpenPort> 
<port>5353</port> 
<protocol>UDP</protocol> 
</HostAssetOpenPort> 


<A> 
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</openPort> 
<software> 
<list> 
<HostAssetSoftware> 
<name>cronie-anacron</name> 
«version»1.4.11-19.e17«/version» 
«/HostAssetSoftware» 
«HostAssetSoftware» 
«name»groff-base«/name» 
<version>1.22.2-8.el7</version> 
</HostAssetSoftware> 


</list> 
</software> 
<processor> 
SOEK EE 
<HostAssetProcessor> 
<name>Intel(R) Xeon(R) Gold 6130</name> 
<speed>2100</speed> 
</HostAssetProcessor> 
DHA 
</processor> 
<volume> 
elbi 
<HostAssetVolume> 
<name>/</name> 
<size>24694149120</size> 
<free>22382100480</free> 
</HostAssetVolume> 


</list> 
</volume> 
<account> 
<list> 
<HostAssetAccount> 
<username>root</username> 
</HostAssetAccount> 


</list> 
</account> 
«networkInterface» 
«list» 
«HostAssetInterface» 
«interfaceName»eth1«/interfaceName» 
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«macAddress»06:d2:2b:49:8d:9e«/macAddress» 
«type»LOCAL«/type» 
«address»fe80:0:0:0:4d2:2bff : fe49:8d9e«/addres 
S» 
<gatewayAddress>169.61.80.145</gatewayAddress> 
«/HostAssetInterface» 


«/list» 
«/networkInterface» 
<isDockerHost>false</isDockerHost> 
</HostAsset> 


</data> 
</ServiceResponse> 


XSD 
<platform API server>/qps/xsd/2.0/am/hostasset.xsd 
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Count Host Assets 

/aps/rest/2.0/count/am/hostasset 

[POST] 

Returns the number of host assets that match the provided criteria. A host 
asset is counted when the asset is visible to the user (i.e. it is in the user’s 
scope). 

Permissions required - Managers with full scope. Other users must have these 


permissions: Access Permission “API Access” and Asset Management 
Permission “Read Asset” 


Searchable fields 


Click here for available operators 


Parameter Description 
qwebHostld (integer) 
lastVulnScan (date) 
lastComplianceScan (date) 


informationGatheredUpdated (date) 


OS (text) 
dnsHostName (text) 
address (text) 


vulnsUpdated (date) 


TH 


id 

name 

created 

type 

netbiosName 
netbiosNetworklD 
networdGuid 


trackingMethod 


port 
installedSoftware 
tagName 

tagld 


update 


Sample - Count host assets 


API request 
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(integer) 
(text) 
(date) 
(text) 
(string) 
(text) 
(text) 


(keyword) NONE, IP, DNSNAME, 
NETBIOS, INSTANCE ID, QAGENT 


(integer) 
(text) 
(text) 
(integer) 


(date) 


curl -u "USERNAME:PASSWORD" -X POST --data-binary @- 
https://qualysapi.qualys.com/qps/rest/2.0/count/am/hostasset -H 
vContent-Type: application/xml" « file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 
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<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
«Criteria field="os" operator="EQUALS" >Windows</Criteria> 
</filters> 
</ServiceRequest> 


Response 


?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>235</count> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/hostasset.xsd 
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Delete Host Asset 
/aps/rest/2.0/delete/am/hostasset/<id> 
/aps/rest/2.0/delete/am/hostasset 


[POST] 


Delete one or more host assets. 


Using the NOT EQUALS operator for deleting host assets could result in 
accidental deletion of unknown host assets without any warning. To prevent 
accidental deletion of unknown host assets, we do not support NOT EQUALS 
operator for delete actions. 


Permissions required - Managers with full scope. Other users must have these 
permissions: Access Permission “API Access” and Asset Management 
Permission “Delete Asset”. 


Sample - Delete host assets with the tag “To Delete” 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/delete/am/hostasset" < 
file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="tagName" operator="EQUALS">To 
Delete</Criteria> 
</filters> 
</ServiceRequest> 


Response 
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<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<HostAsset> 
<id>2020094</id> 
</HostAsset> 
</data> 
</ServiceResponse> 


XSD 
<platform API server>/qps/xsd/2.0/am/hostasset.xsd 


115 


Qualys Asset Management & Tagging API 
Host Assets 


Activate Host Asset 
/qps/rest/2.0/activate/am/hostasset/<id>?module=QWEB_VM 
/aps/rest/2.0/activate/am/hostasset?module=QWEB_VM 
/aps/rest/2.0/activate/am/hostasset/<id>?module=QWEB_PC 
/aps/rest/2.0/activate/am/hostasset?module=QWEB_PC 
/aps/rest/2.0/activate/am/hostasset/<id>?module=QWEB_SCA 
/aps/rest/2.0/activate/am/hostasset?module=QWEB_SCA 
/aps/rest/2.0/activate/am/hostasset/<id>?module=CERTVIEW 
/aps/rest/2.0/activate/am/hostasset?module=CERTVIEW 

[POST] 

Activate one or more assets to make them available in your account for 
scanning and reporting. You'll want to activate newly created hosts to make 
them available in the Vulnerability Management (VM) module and/or the 
Policy Compliance (PC) module. 


Permissions required - Users with full scope. Other users must have requested 
assets in their scope and Access Permission “API Access”. 


Searchable fields 


Click here for available operators 


Parameter Description 
qwebHostld (integer) 
lastVulnScan (date) 
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lastComplianceScan 
informationGatheredUpdated 
OS 

dnsHostName 
address 
vulnsUpdated 

id 

name 

created 

type 

netbiosName 
netbiosNetworklD 
networdGuid 


trackingMethod 


port 
installedSoftware 
tagName 

tagld 


update 
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(date) 
(date) 
(text) 
(text) 
(text) 
(date) 
(integer) 
(text) 
(date) 
(text) 
(string) 
(text) 
(text) 


(keyword) NONE, IP, DNSNAME, 
NETBIOS, INSTANCE ID, QAGENT 


(integer) 
(text) 
(text) 
(integer) 
(date) 
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Sample - Activate host assets for PC 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/activate/am/hostasset?modul 
e=QWEB_PC" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="tagName" operator="EQUALS">Azure-static- 
tag</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xSi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostasset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<HostAsset> 
<id>15127499</id> 
<name>Sample Host asset</name> 
<created>2020-07-09T06:38:09Z</created> 
«modified»2020-08-05T19:00:23Z«/modified» 
«type»HOST«/type» 
«tags» 
<list> 
<TagSimple> 
<id>110494212</id> 
<name>Azure-static-tag</name> 
</TagSimple> 
<TagSimple> 
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<id>111047644</id> 
</TagSimple> 
<TagSimple> 
<1d>111051812</1d> 
</TagSimple> 
</list> 
</tags> 
«sourceInfo» 
<list> 
<AzureAssetSourceSimple> 
<assetId>15127499</assetId> 
<type>AZURE</type> 
«firstDiscovered»2020-07-09T06:38:09Z«/firstDiscovered» 
«lastUpdated»2020-08-05T18:54:41Z«/1lastUpdated» 
«name»Sample Host asset«/name» 
<location>westus2</location> 
<vmSize>Standard_Bims</vmSize> 
<vmId>@cfb7bd7-0baa-46c5-b0ca-a7440b10bee6</vmId> 
«offer»CentOS«/offer» 
<state>DEALLOCATED</State> 
<publisher>OpenLogic</publisher> 
<version>latest</version> 
<osType>Linux</osType> 
<subnet >default</subnet> 
<subscriptionId>XXXXXXXX - XXXX - XXXX - XXXX - 
XXXXXXXXXXXX« / subscriptionId» 
«resourceGroupName»sample resourcegroup</resourceGroupName 
> 
<macAddress>00-0D-3A-C4-8F-3F</macAddress> 
<privateIpAddress>172.16.7.5</privateIpAddress> 
</AzureAssetSourceSimple> 
Ste 
«/sourceInfo» 
«qwebHostId»3906594«/qwebHostId» 
«os»Linux«/os» 
«dnsHostName»TestNullPointer-MN«/dnsHostName» 
<address>172.16.7.5</address> 
«trackingMethod»VIRTUAL MACHINE ID«/trackingMethod» 
«networkInterface» 
<list> 
<HostAssetInterface> 
«hostname»TestNullPointer-MN«/hostname» 
«type»PRIVATE«/type» 
<address>172.16.7.5</address> 
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</HostAssetInterface> 
</list> 
</networkInterface> 
</HostAsset> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/hostasset.xsd 
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Host Asset Fields 


Name 

OS 

dnsHostName 
netbiosName 
netbiosNetworkld 
networkGuid 
address 


trackingMethod 


openPort 

software 

Read only fields 
qwebHostld 
lastVulnScan 
lastComplianceScan 


vulnsUpdated 


informationGatheredUpdated 
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Description 
(string) 
(string) 
(string) 
(integer) 
(uuid) 
(string) 


(AssetTrackingMethod: NONE, IP, DNSNAME, 
NETBIOS, INSTANCE 1D, QAGENT, 
GCP_INSTANCE_ID (only for GCP instances) 


(HostAssetOpenPortQList) 


(HostAssetSoftwareQList) 


(long) 
(date) 
(date) 
(date) 


(date) 
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account 


biosDescription 


manufacturer 


model 


networkInterface 


processor 
timezone 
totalMemory 
volume 

EC2 fields 


region 


vpcld 
imageld 
instanceld 
accountld 


instanceState 


Qualys Asset Management & Tagging API 
Host Assets 


(HostAssetAccount) 
(string) 

(string) 

(string) 
(HostAssetInterface) 

(HostAssetProcessor) 

(string) 

(long) 


(HostAssetVolume) 


(text) Specify the region code for the AWS 
region. 


For example, ap-northeast-1, us-east-2, eu- 
west-3, etc. 


(text) The ID of your Amazon VPC. 

(text) ID of the Amazon Machine Image (AMI). 
(text) EC2 Instance ID. 

(text) Amazon account ID. 


(text) EC2 Instance state. For example, 
PENDING, RUNNING, TERMINATED, 
STOPPED, etc. 
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subnetld 


privateDnsName 


awsTagKey 


awsTagValue 
Azure Assets 
vmld 


subscriptionld 


location 


state VM 


subnet 


resourceGroup 


resourceGroupName 


privatelpAddress 
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(text) ID of the subnet where your instance is 
located (when Amazon VPC is used). 


(text) The private DNS name of the instance. 


(text) EC2 instance tags. For example, Owner, 
Department, Email, Lifecycle, Name, etc. 


(text) Values for the AWS Tag keys. 


(text) The ID of your VM instance. 


(text) Your unique Microsoft Azure 
subscription ID. 


(text) Specify the location code for the Azure 
region. 


For example, centralindia, westus2. 


(keyword) The Instance state. You can specify 
one of the following states:STARTING, 
RUNNING, STOPPING, STOPPED, 
DEALLOCATED, DEALLOCATING, DELETED. 


(text) ID of the subnet where your VM 
instance is located (when Azure VPC is used). 


(text) Type of the resource group to which 
the VM instance belongs. 


(text) Name of the resource group type to 
which the VM instance belongs. 


(text) The private IP address of the VM 
instance. 
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publicloAddress 


azureTagKey 


azureTagValue 
imageOffer 


imageVersion 


Associations 
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(text) The public IP address of the VM 
instance. 


(text) VM instance tags. For example, Owner, 
Department, Email, Lifecycle, Name, etc. 


(text) Values for the VM instance tag keys. 
(text) Image offer of the VM instance. 


(text) Image version of the VM instance. 


HostAssetOpenPortQList - Open ports (HostAssetOpenPortList) detected or 
explicitly added to the asset. This collection is keyed off of the port and 


protocol. 


Element 
port 


protocol 


Element 
serviceld 


serverName 


integer 


protocol (TCP, UDP, ICMP) 


integer 


string (name of the service detected on the port - read 
only) 


HostAssetSoftwareQList - A list of software (HostAssetSoftware) installed on 
the machine, keyed on the name. 
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Element 
name string 
version string 


HostAssetVulnQList - A list of vulnerabilities detected on the host. Only 
vulnerabilities flagged as found will be returned. More detailed information 
about each detected vulnerability can be obtained from the HostlnstanceVuln 
resource, cross referenced by the hostiInstanceVulnld field. The 
HostlnstanceVuln can also be used to find previously detected vulnerabilities 
that are currently marked as not found. 


Element 

gid long 
hostlnstanceVulniD long 
firstFound date 


lastFound date 
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Get Asset Info 
/aps/rest/2.0/get/am/asset/<id> 


[GET] 


Returns a single asset by ID. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for the host asset. Learn more about limiting your results 


Permissions required - Managers with full scope. Other users must have 
requested asset in their scope and these permissions: Access Permission “API 
Access” and Asset Management Permission “Read Asset” 


Sample - Fetch asset ID and list details 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https: //qualysapi.qualys.com/qps/rest/2.0/get/am/asset/12345" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Asset> 
<id>12345</id> 
<name>My Windows Asset</name> 
«created»2014-02-06T19:16:35Z«/created» 
«modified»2014-02-06T19:16:35Z«/modified» 
<type>HOST</type> 
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<tags> 
<list> 
<TagSimple> 
<id>12345</id> 
<name>Tag 1</name> 
</TagSimple> 
<TagSimple> 
<id>54321</id> 
<name>Tag 2</name> 
</TagSimple> 
</ last> 
</tags> 
</Asset> 
</data> 


Sample - Get information for assets in your AWS Cloud 


API request 


curl -n -u "USERNAME : PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/asset/13236173" 


Response 


<?xml version="1.0" encoding-" UTF-8"?» 
«ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation-"https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"» 
«responseCode»SUCCESS«/responseCode» 
<count>1</count> 
<data> 
<Asset> 
<id>13236173</id> 
«name»MHCSTRHEL6-2« /name» 
«created»2019-11-12T10:46:30Z«/created» 
«modified»2020-01-07T06:26:41Z«/modified» 
«type»HOST«/type» 
«sourceInfo» 
«list» 
«Ec2AssetSourceSimple» 
<assetId>13236173</assetId> 
<type>EC_2</type> 
<firstDiscovered>2019-11- 
12T10:46:30Z«/firstDiscovered» 
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<lastUpdated>2020-01- 
07T06:20:12Z«/1lastUpdated» 
«reservationId»r- 
03ca004864372ef32«/reservationId» 
«availabilityZone»us-west- 
2a«/availabilityZone» 
<instanceId>i-0edf6a42bb540f885</instanceId> 
<instanceType>t1.micro</instanceType> 
<createdDate>2020-01- 
07T09:09:21Z«/createdDate» 
«instanceState»STOPPED«/instanceState» 
«groupId»sg-7493f147«/groupId» 
«groupName»Red Hat Enterprise Linux -RHEL- 6- 
6-5 GA-AutogenByAWSMP -1</groupName> 
<spotInstance>false</spotInstance> 
<accountId>XXXXXXXXXXXX< /accountId> 
«region»us-west-2«/region» 
«zone»Classic«/zone» 
<imageId>ami-7df@bd4d</imageId> 
<monitoringEnabled>false</monitoringEnabled> 
</Ec2AssetSourceSimple> 
«busto 
«/sourceInfo» 
</Asset> 
</data> 
</ServiceResponse> 


Sample - Get information for assets in your Azure Cloud 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/asset/13511567" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Asset> 
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€10»13511567«/ id> 
<name>VJ-WIndows</name> 
«created»2019-11-27T06:07:16Z«/created» 
«modified»2020-01-07T06:21:29Z«/modified» 
<type>HOST</type> 
<tags> 
cust 
«TagSimple» 
<id>107258219</id> 
<name>Azure</name> 
</TagSimple> 
ud ge 
</tags> 
<sourceInfo> 
«quist 
«AzureAssetSourceSimple» 
<assetId>13511567</assetId> 
<type>AZURE</type> 
<firstDiscovered>2019-11- 


27T06:07:20Z</firstDiscovered> 


<lastUpdated>2020-01- 


07T06:21:29Z</lastUpdated> 


<name>VJ-WIndows</name> 
<location>centralindia</location> 
<vmSize>Standard_A3</vmSize> 
<vmId>b3fdb9ed-2564-4eaa-9elb- 


7aeb6c196c92</vmId> 


<offer>Windows-10</offer> 
<state>RUNNING</State> 
«publisher»MicrosoftWindowsDesktop«/publisher» 
<version>latest</version> 
<osType>Windows</osType> 
<subnet>default</subnet> 
<subscriptionId>XXXXXXXX - XXXX - XXXX - XXXX - 


XXXXXXXXXXXX« / subscriptionId» 


«resourceGroupName»DefaultResourceGroup- 


CIN«/resourceGroupName» 


«macAddress»00-0D-3A-F0-98-3F«/macAddress» 
<publicIpAddress>52.172.151.254</publicIpAddre 


<privateIpAddress>10.0.0.5</privateIpAddress> 
</AzureAssetSourceSimple> 
SRI Ee 
</sourceInfo> 
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</Asset> 
</data> 
</ServiceResponse> 


Sample - Get information for assets in your GCP Cloud 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https: //qualysapi.qualys.com/qps/rest/2.0/get/am/asset/13511567" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Asset> 
<id>13569298</id> 
«name»gcp-1-quays-aw8 0«/name» 
«created»2019-12-02T09:32:45Z«/created» 
«modified»2020-01-02T07:03:03Z«/modified» 
«type»HOST«/type» 
«tags» 
<list> 
<TagSimple> 
<id>106777848</id> 
<name>Cloud Agent</name> 
</TagSimple> 
<TagSimple> 
<id>107007013</id> 
<name>gcp</name> 
</TagSimple> 
GARRAZ 
</tags> 
<sourceInfo> 
<list> 
<GcpAssetSourceSimple> 
<assetId>13569298</assetId> 
<type>GCP</type> 
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<firstDiscovered>2019-12- 
02T09:32:46Z«/firstDiscovered» 

«lastUpdated»2019-12- 
02T09:32:46Z«/1astUpdated» 

«instanceId»2152878541443265280«/instanceId» 

«hostname»gcp-1-quays-aw8.c.qvsa- 
dev.internal«/hostname» 

<machineType>n1-standard-1</machineType> 

<zone>us-centrall-a</zone> 

<projectIdNo>1035365309337</projectIdNo> 

<state>RUNNING</State> 

«projectId»test account«/projectId» 

<network>default</network> 

<macAddress>42:01:0a:f0:00:a4</macAddress> 

<publicIpAddress>34.67.172.38</publicIpAddress 


«privatelpAddress»10.240.0.164«/privateIpAddre 

ss» 

«/GcpAssetSourceSimple» 

<AssetSource/> 

</list> 
</sourceInfo> 
</Asset> 
</data> 

</ServiceResponse> 


Sample - Get asset API returns criticality score for an asset 


API request 


curl -n -u "USERNAME:PASSWORD" -H "content-type: text/xml"-X "GET" -- 
"https://qualysapi.qualys.com/rest/2.0/get/am/asset/3052446" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xSi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/rest/2 
.0/search/am/asset"> 

<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 

<Asset> 

<id>3052446</id> 


131 


Qualys Asset Management & Tagging API 
Assets 


<name>hkencrtest</name> 
<created>2020-02-06T09:29:23Z</created> 
<modified>2020-10-27T11:56:50Z</modified> 
<type>HOST</type> 
<tags> 
<list> 


«/sourceInfo» 
«criticalityScore»2«/criticalityScore» 
</Asset> 


</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/asset.xsd 


152 


Qualys Asset Management & Tagging API 
Assets 


Update Asset 
/aps/rest/2.0/update/am/asset/<id> 
/aps/rest/2.0/update/am/asset 


[POST] 


Update fields for an asset and collections of assets. Only the name and tags 
can be modified. 


Using the NOT EQUALS operator for updating assets could result in 
accidental update of unknown assets without any warning. To prevent 
accidental updates of unknown assets, we do not support NOT EQUALS 
operator for update actions. 


Permissions required - Managers with full scope, other users must have the 
requested assets in their scope and these permissions: Access Permission 
“API Access” and Asset Management Permission “Update Asset”. 


We have restricted our asset update requests to static tags and have 
excluded dynamic tags. With this release, we will decline a request if the 
request contains TagSimple list having a dynamic tag for add/remove/set 
operation. The request is processed if it contains only static tags. 


In case of the set operation, if the request includes static tags, then the 
existing static tags are removed and new static tags (specified in the request) 
are applied on that particular asset. All the existing system or dynamic tags 
are retained as is. You cannot add or remove dynamic tags manually. 


Sample - Update asset and give it another name 


API request 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/update/am/asset/12345" < 
file.xml 

Note: “file.xml” contains the request POST data. 
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Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<Asset> 
<name>Updated Name</name> 
</Asset> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Asset> 
<id>12345</id> 
<name>Updated Name</name> 
«created»2014-02-06T19:16:35Z«/created» 
«modified»2014-02-06T19:16:35Z«/modified» 
<type>HOST</type> 
<tags> 
lst 
<TagSimple> 
<id>12345</id> 
<name>Tag 1</name> 
</TagSimple> 
<TagSimple> 
<id>54321</id> 
<name>Tag 2</name> 
</TagSimple> 
«Lusto 
«/tags» 
</Asset> 
</data> 
</ServiceResponse> 


Sample - Update tags that have tag names containing the word 
DELETED 
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API request 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/update/am/asset" < file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">DELETED</Criteria> 
<filters> 
<data> 
<Asset> 
<tags> 
<add> 
<TagSimple><id>12345</id></TagSimple> 
<add> 
</tags> 
</Asset> 
</data> 
</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Asset> 
<id>543</id> 
<name>Old Asset (DELETED)</name> 
«created»2014-02-06T19:16:35Z«/created» 
«modified»2014-02-06T19:16:35Z«/modified» 
«type»HOST«/type» 
«tags» 
«list» 
«TagSimple» 
<id>12345</id> 
<name>Tag 1</name> 
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</TagSimple> 
</l'ist> 
</tags> 
</Asset> 
</data> 
</ServiceResponse> 


Sample - Update the asset with tags 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" -- 
"https://qualysapi.qualys.com/qps/rest/2.0/update/am/asset"« file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="id" operator="IN">8006386</Criteria> 
<filters> 
<data> 
<Asset> 
<tags> 
<add> 
<TagSimple><id>13745031</id></TagSimple> 
<add> 
</tags> 
</Asset> 
</data> 
</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<data> 

<Asset> 
<id>8006386<</id> 
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</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/asset.xsd 
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Search Assets 
/aps/rest/2.0/search/am/asset 


[POST] 


Returns a list of assets matching the provided criteria. Assets are returned 
when they are visible to the user (i.e. in the user's scope). 


Pagination - A maximum of 100 host assets are returned by default. To 
customize this specify a “preferences” tag in the POST body of your request. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for each host asset. Learn more about limiting your 
results 


Permissions required - Managers with full scope, other users must have these 


permissions: Access Permission “API Access” and Asset Management 
Permission “Read Asset” 


Searchable fields 


Click here for available operators 


Parameter Description 

id (integer) 

name (text) 

created (date) 

updated (date) 

type (keyword) UNKOWN, HOST, SCANNER, WEBAPP, 


MALWARE_DOMAIN 
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tagName (text) Parent tags of the tag will also match 


tagld (text) Parent tags of the tag will also match 


Sample - Find an asset with a particular tag 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/asset" < file.xml 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="tagName" operator="EQUALS">To 
Delete</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>true</hasMoreRecords> 
<lastId>5693290</lastId> 
<data> 
<Asset> 
<id>543</id> 
<name>Old Asset (To Delete)</name> 
«created»2014-02-06T19:16:35Z«/created» 
«modified»2014-02-06T19:16:35Z«/modified» 
«type»HOST«/type» 
«tags» 
«list» 
«TagSimple» 
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<id>12345</id> 
<name>Tag 1</name> 
</TagSimple> 
</list> 
</tags> 
</Asset> 
</data> 
</ServiceResponse> 


Sample - Search asset API returns criticality score for an asset 


API request 


curl -n -u "USERNAME:PASSWORD" -H "content-type: text/xml"-X "POST" -- 
"https://qualysapi.qualys.com/rest/2.0/search/am/asset" < file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" 
operator="EQUALS">hkencrtest</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/rest 
/2.0/search/am/asset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<Asset> 
<id>3052446</id> 
<name>hkencrtest</name> 
«created»2020-02-06T09:29:23Z«/created» 
«modified»2020-10-27T11:56:50Z«/modified» 
<type>HOST</type> 


<criticalityScore>2</criticalityScore> 


140 


Qualys Asset Management & Tagging API 
Assets 


</Asset> 


</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/asset.xsd 
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Count Assets 

/aps/rest/2.0/count/am/asset 

[POST] 

Returns the number of assets that match the provided criteria. A host asset is 
counted when the asset is visible to the user (i.e. in the user’s scope). 
Permissions required - Managers with full scope. Other users must have these 


permissions: Access Permission “API Access” and Asset Management 
Permission “Read Asset” 


Searchable fields 


Click here for available operators 


Parameter Description 

id (integer) 

name (text) 

created (date) 

updated (date) 

type (keyword) UNKOWN, HOST, SCANNER, WEBAPP, 


MALWARE_DOMAIN 
tagName (text) Parent tags of the tag will also match 


tagld (text) Parent tags of the tag will also match 


Sample - Count assets with tag name "To Delete” 
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API request 


curl -u “USERNAME : PASSWORD” 
"https://qualysapi.qualys.com/qps/rest/2.0/count/am/asset" « file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="tagName" operator="EQUALS">To 
Delete</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>1</count> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/asset.xsd 
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Delete Asset 
/aps/rest/2.0/delete/am/asset/<id> 
/aps/rest/2.0/delete/am/asset 


[POST] 


Delete one or more assets. 


Using the NOT EQUALS operator for deleting assets could result in accidental 
deletion of unknown assets without any warning. To prevent accidental 
deletion of unknown assets, we do not support NOT EQUALS operator for 
delete actions. 


Permissions required - Managers with full scope. Other users must have these 
permissions: Access Permission “API Access” and Asset Management 
Permission “Delete Asset”. 


Searchable fields 


Click here for available operators 


Parameter Description 

id (integer) 

name (text) 

created (date) 

updated (date) 

type (keyword) UNKOWN, HOST, SCANNER, WEBAPP, 


MALWARE_DOMAIN 


tagName (text) Parent tags of the tag will also match 
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tagld (text) Parent tags of the tag will also match 


Sample - Delete assets with a particular tag name 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/delete/am/asset" « file.xml 
Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="tagName" operator="EQUALS">To 
Delete</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xSi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Asset> 
<dd> 1972521x 10> 
</Asset> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/asset.xsd 


145 


Qualys Asset Management & Tagging API 
Assets 


Activate Asset 
/aps/rest/2.0/activate/am/asset/<id>?module=QWEB_VM 
/aps/rest/2.0/activate/am/asset?module=QWEB_VM 
/aps/rest/2.0/activate/am/asset/<id>?module=QWEB_PC 
/aps/rest/2.0/activate/am/asset?module=QWEB_PC 
/aps/rest/2.0/activate/am/asset/<id>?module=QWEB_SCA 
/aps/rest/2.0/activate/am/asset?module=QWEB_SCA 
/aps/rest/2.0/activate/am/asset/<id>?module=CERTVIEW 
/aps/rest/2.0/activate/am/asset?module=CERTVIEW 

[POST] 

Activate one or more assets to make them available in your account for 
scanning and reporting. You'll want to activate newly created hosts to make 
them available in the Vulnerability Management (VM) module, Policy 
Compliance (PC) module, Security Configuration Assessment (SCA) module, 


or CertView module. 


Permissions required - Users with full scope. Other users must have requested 
assets in their scope and Access Permission “API Access”. 


Searchable fields 


Click here for available operators 


Parameter Description 
id (integer) 
name (text) 
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created (date) 
updated (date) 
type (keyword) UNKOWN, HOST, SCANNER, WEBAPP, 


MALWARE_DOMAIN 


tagName (text) Parent tags of the tag will also match 
tagld (text) Parent tags of the tag will also match 
Samples 


Sample - Activate assets with the tag "Export to VM" 


Sample - Activate assets for PC module 


Sample - Activate assets for SCA module 


Sample - Activate assets for CertView module 


Sample - Activate assets with the tag “Export to VM” 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/activate/am/asset?module-QW 
EB VM" « file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="tagName" operator="EQUALS">Export to 
VM</Criteria> 
</filters> 
</ServiceRequest> 
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Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Asset> 
<id>1972521</id> 
<name>Test Asset</name> 
«created»2013-12-11T05:12:45Z«/created» 
«modified»2014-02-04T23:55:54Z«/modified» 
«type»HOST«/type» 
«tags» 
<list> 
<SimpleTag> 
<id>12345</id> 
<name>Export to VM</name> 
</SimpleTag> 
<list> 
</tags> 
«sourceInfo» 
dist 
<Ec2AssetSourceSimple> 
«firstDiscovered»2014-02-06T19:14:50Z«/firstDiscovered» 
<lastUpdated>2014-02-06T19:14:50Z</lastUpdated> 
<assetId>1972521</assetId> 
<availabilityZone>us-east</availabilityZone> 
«privateDnsName»ip-10-90-0-73.qualys.com«/privateDnsName» 
<instanceId>i-8b545eef</instanceId> 
<instanceType>t1.micro</instanceType> 
«imageId»ami-03ad6e6a«/imageId» 
«privatelpAddress»127.0.0.1«/privateIpAddress» 
«monitoringEnabled»false«/monitoringEnabled» 
«/Ec2AssetSourceSimple» 
</list> 
«/sourceInfo» 
<openPort> 
<list/> 
</openPort> 
<software> 
<list/> 
</software> 
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<vuln> 
EE 
</vuln> 
</Asset> 
</data> 
</ServiceResponse> 


Sample - Activate assets for PC module 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/activate/am/asset?module-QW 
EB VM" « file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="state" 
operator="EQUALS">DEALLOCATED</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Asset> 
<id>15057806</id> 
<name>asset_for_pc</name> 
<created>2020-07-01T00:04:04Z</created> 
<modified>2020-07-26T00:07:26Z</modified> 
<type>HOST</type> 
<tags> 
<list> 
<TagSimple> 
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<id>110494212</id> 
<name>Azure-static-tag</name> 
</TagSimple> 
dE E 
</tags> 
«sourceInfo» 
E E 
<AzureAssetSourceSimple> 
<assetId>15057806</assetId> 
<type>AZURE</type> 
<firstDiscovered>2020-07-01T00:04:07Z</firstDiscovered> 
«lastUpdated»2020-07-25T22:59:59Z«/1lastUpdated» 
«name»asset for pc«/name» 
«location»eastus«/location» 
«vmSize»Standard A1«/vmSize» 
«vmId»ffc23409-2433-4ca7-b832-033ef231f235«/vmId» 
«offer»CentOS«/offer» 
<state>DEALLOCATED</State> 
<publisher>OpenLogic</publisher> 
<version>latest</version> 
<osType>Linux</osType> 
<subnet>subnet-2849</subnet> 
<subscriptionId>XXXXXXXX - XXXX - XXXX - XXXX - 
XXXXXXXXXXXX« / subscriptionId» 
«resourceGroupName»DefaultResourceGroup- 
EUS</resourceGroupName> 
«macAddress»00-0D-3A-54-1B-AA«/macAddress» 
«privatelpAddress»10.95.0.158«/privateIpAddress» 
«/AzureAssetSourceSimple» 
«lust» 
«/sourceInfo» 
</Asset> 
</data> 
</ServiceResponse> 


Sample - Activate assets for SCA module 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/activate/am/asset?module-QW 
EB SCA" « file.xml 

Note: “file.xml” contains the request POST data. 
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Request POST data 


<ServiceRequest> 
<filters> 
«Criteria field="vmId" operator="EQUALS">ffc23409-2433-4ca7- 
b832-033ef231f235«/Criteria» 
«/filters» 
«/ServiceRequest» 


Response 


<?xml version="1.0" encoding-" UTF-8"?» 
«ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation-"https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"» 
«responseCode»SUCCESS«/responseCode» 
<count>1</count> 
<data> 
<Asset> 
<id>15057806</id> 
<name>sample_azure_asset</name> 
<created>2020-07-01T00:04:04Z</created> 
«modified»2020-07-26T00:09:27Z«/modified» 
«type»HOST«/type» 
«tags» 
<list> 
<TagSimple> 
<id>110494212</id> 
<name>Azure-static-tag</name> 
</TagSimple> 
GORE 
</tags> 
<sourceInfo> 
<list> 
<AzureAssetSourceSimple> 
<assetId>15057806</assetId> 
<type>AZURE</type> 
«firstDiscovered»2020-07-01T00:04:07Z«/firstDiscovered» 
«lastUpdated»2020-07-25T22:59:59Z«/1lastUpdated» 
«name»sample azure asset«/name» 
«location»eastus«/location» 
«vmSize»Standard A1«/vmSize» 
«vmId»ffc23409-2433-4ca7-b832-033ef231f235«/vmId» 
«offer»CentOS«/offer» 
<state>DEALLOCATED</State> 
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<publisher>OpenLogic</publisher> 
<version>latest</version> 
<osType>Linux</osType> 
<subnet>subnet-2849</subnet> 
<subscriptionId>XXXXXXXX - XXXX - XXXX - XXXX - 

XXXXXXXXXXXX« / subscriptionId» 
«resourceGroupName»DefaultResourceGroup- 

EUS</resourceGroupName> 
«macAddress»00-0D-3A-54-1B-AA«/macAddress» 
«privatelpAddress»10.95.0.158«/privateIpAddress» 

«/AzureAssetSourceSimple» 
cds 
«/sourceInfo» 
</Asset> 
</data> 
</ServiceResponse> 


Sample - Activate assets for CertView module 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 

"https: //qualysapi.qualys.com/qps/rest/2.0/activate/am/asset/15057806? 
module=CERTVIEW" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="tagName" 
operator="EQUALS">activation_test_tag 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset.xsd"> 

<responseCode>SUCCESS</responseCode> 
<count>1</count> 
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<data> 
<Asset> 
<id>15057806</id> 
<name>Sample_asset</name> 
«created»2020-07-01T00:04:04Z«/created» 
«modified»2020-07-26T00:11:16Z«/modified» 
«type»HOST«/type» 
«tags» 
<list> 

<TagSimple> 
<id>110878225</id> 
<name>activation_test_tag</name> 

</TagSimple> 

<TagSimple> 
<id>110494212</id> 
<name>Azure-static-tag</name> 

</TagSimple> 

</list> 
</tags> 
«sourceInfo» 

«list» 

«AzureAssetSourceSimple» 
«assetId»15057806«/assetId» 
«type»AZURE«/type» 
«firstDiscovered»2020-07-01T100:04:07Z«/firstDiscovered» 
«lastUpdated»2020-07-25T22:59:59Z«/1lastUpdated» 
«name»Sample asset«/name» 
<location>eastus</location> 
<vmSize>Standard_A1</vmSize> 
«vmId»ffc23409-2433-4ca7-b832-033ef231f235«/vmId» 
«offer»CentOS«/offer» 
<state>DEALLOCATED</state> 
<publisher>OpenLogic</publisher> 
<version>latest</version> 
<osType>Linux</osType> 
<subnet>subnet-2849</subnet> 
<subscriptionId>XXXXXXXX - XXXX - XXXX - XXXX - 

XXXXXXXXXXXX« / subscriptionId» 
«resourceGroupName»DefaultResourceGroup- 
EUS</resourceGroupName> 
<macAddress>00-0D-3A-54-1B-AA</macAddress> 
<privateIpAddress>10.95.0.158</privateIpAddress> 
</AzureAssetSourceSimple> 
<j Last> 
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«/sourceInfo» 
</Asset> 


</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/asset.xsd 
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Asset Fields 
Name Description 
name (text) 
tags (string) 
id (long) 
created (date) 
modified (date) 
type (keyword) UNKOWN, HOST, SCANNER, WEBAPP, 
MALWARE_DOMAIN 
sourcelnfo (AssetSourceQList) 


Associations 


TagSimpleQList - Asset tags on the associated asset. This collection to be 
added to and removed from by providing a tag ID wrapped in a TagSimple 
element. 


TagSimple 
id long (tag primary key) 
name string (tag name) 


AssetSourceQList - Source information for the associated asset. At the 
moment this is used exclusively for assets that are in Amazon EC2 but may 
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contain additional types in the future. As such, elements will always be of type 
Ec2AssetSourceSimple. 


Element 
availabilityZone 
privateDnsName 
publicDnsName 
instancelD 
instanceType 
imagelD 
publicloAddress 
privateloAddress 
monitoringEnabled 


instanceState 


Description 


(string) 


(string) 


(string) 


(string) 


(string) 


(string) 


(string) 


(string) 


(boolean) 


(AssetSourceStateCode: PENDING, RUNNING, 
SHUTTING DOWN, TERMINATED, STOPPING, 
STOPPED, UNSUPPORTED) 
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Host Instance Vulnerability data 


Get Vulnerability Info 
/aps/rest/2.0/get/am/hostinstancevuln/<id> 


[GET] 


Returns a single host instance vulnerability data by ID. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for the host instance vulnerability. Learn more about 


limiting your results 


Permissions required - Managers with Full Scope. Users without Full Scope 
must have these account settings: 1) scope includes the requested asset, and 
2) permissions include: Access Permission “API Access” and Asset 
Management Permission “Read Asset”. 


Sample - Fetch a host instance vulnerability 


API request 


curl -n -u "USERNAME : PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/hostinstancevuln/123 
45" 


Response 


<?xml version="1.0" encoding-" UTF-8"?» 
<ServiceResponse xmlns:xsi-"http://www.w3.0rg/2001/XMLSchema- instance" 
xsi:noNamespaceSchemaLocation-"https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostinstancevuln.xsd"» 
«responseCode»SUCCESS« /responseCode» 
<count>1</count> 
<data> 
<HostInstanceVuln> 
<id>9534081</id> 
<hostAssetId>1543621</hostAssetId> 
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<qid>38167</qid> 
<port>25</port> 
«ssl»true«/ssl» 
<found>true</found> 
<ignored>false</ignored> 
<disabled>false</disabled> 
<updated>2012-10-19T21:56:23Z</updated> 
<protocol>TCP</protocol> 
<source>HOST</source> 
</HostInstanceVuln> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/hostinstancevuln.xsd 


158 


Qualys Asset Management & Tagging API 
Host Instance Vulnerability data 


Search Vulnerabilities 
/aps/rest/2.0/search/am/hostinstancevuln 


[POST] 


Returns a list of host instance vulnerabilities that match the provided criteria. 
These vulnerabilities are returned when the hosts are visible to the user (i.e. in 
the user's scope). 


Limit your results - Use the optional "fields" parameter to limit the amount of 
information returned for each vulnerability. Learn more about limiting your 
results 


Pagination - A maximum of 100 instances are returned by default. To 
customize this specify a “preferences” tag in the POST body of your request. 


Permissions required - Managers with Full Scope. Users without Full Scope 
must have these account settings: 1) scope includes the requested asset, and 


2) permissions include: Access Permission "API Access" and Asset 
Management Permission "Read Asset". 


Searchable fields 


Click here for available operators 


Parameter Description 

id (long) The primary host instance vulnerability key. 

hostAssetld (long) The ID of the host asset where the vulnerability 
was found. 

created (date) The date the vulnerability was added to the 


KnowledgeBase. 


found (boolean) Set to true if the QID was detected on the 
host by the latest scan of that host. 
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firstFound 


lastfound 


lastScanned 


qid 


disabled 


fqdn 


ssl 


updated 


ignored 


protocol 


port 


source 
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(date) The date/time the vulnerability was first 
detected on the host. 


(date) The most recent date/time the vulnerability was 
detected on the host. 


(date) The most recent date/time the vulnerability was 
tested for the host. 


(long) The Qualys vulnerability ID of the vulnerability. 


(boolean) Set to true if the QID is marked as disabled 
in your subscription. Set to false if the QID is not 
marked disabled. 


(string) The fully qualified domain name of the host. 


(boolean) Set to true if the vulnerability was detected 
over SSL. Set to false if the vulnerability was not 
detected over SSL. This element is not returned for 
information gathered. 


(date) The last date/time the vulnerability data was 
updated for the host. 


(boolean) Set to true if the QID/host/port is marked as 
ignored in your subscription. Set to false if the 
QID/host/port is not marked ignored. 


(string) The protocol the vulnerability was detected 
on. TCP, UDP, ICMP. 


Cinteger) The port number the vulnerability was 
detected on. 


(string) The vulnerability source. HOST, ORACLE, 
HSSQL, OTHER. 
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Sample - Search vulnerability instances 


Find all vulnerabilities that were previously detected on a host, and that have 
since been resolved 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/hostinstancevuln" 
«file.xml 

Note: file.xml contains the request POST data 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="hostAssetId" 
operator="EQUALS">12345</Criteria> 
<Criteria field="found" operator="EQUALS">false</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostinstancevuln.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<HostInstanceVuln> 
<id>9534081</id> 
<hostAssetId>12345</hostAssetId> 
<qid>38167</qid> 
<port>25</port> 
«ssl»true«/ssl» 
<found>true</found> 
<ignored>false</ignored> 
<disabled>false</disabled> 
«updated»2012-10-19T21:56:23Z«/updated» 
<protocol>TCP</protocol> 
<source>HOST</source> 
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</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/hostinstancevuln.xsd 
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Count Vulnerabilities 
/aps/rest/2.0/count/am/hostinstancevuln 


[GET] 


Returns the number of host instance vulnerabilities that match the provided 
criteria. A host instance vulnerability is counted when the asset visible to the 
user (i.e. it is in the user’s scope). 


Permissions required - Managers with Full Scope. Users without Full Scope 
must have these account settings: 1) scope includes the requested asset, and 
2) permissions include: Access Permission “API Access” and Asset 
Management Permission “Read Asset”. 


Sample - Count vulnerabilities on assets 


Count the number of host instance vulnerabilities across all visible assets 


API request 


curl -u "USERNAME :PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/count/am/hostinstancevuln"« 
file.xml 

Note: file.xml contains the request POST data 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="found" operator="EQUALS">true</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/hostinstancevuln.xsd"> 

<responseCode>SUCCESS</responseCode> 
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<count>1</count> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/hostinstancevuln.xsd 


164 


Qualys Asset Management & Tagging API 
Host Instance Vulnerability data 


Host Instance Vulnerability Fields 


Field name 


id 


hostAssetld 


created 


found 


firstFound 


lastfound 


lastScanned 


qid 


disabled 


fadn 


ssl 


Description 


(long) The primary host instance vulnerability key. 


(long) The ID of the host asset where the vulnerability 
was found. 


(date) The date the vulnerability was added to the 
KnowledgeBase. 


(boolean) Set to true if the QID was detected on the 
host by the latest scan of that host. 


(date) The date/time the vulnerability was first 
detected on the host. 


(date) The most recent date/time the vulnerability was 
detected on the host. 


(date) The most recent date/time the vulnerability was 
tested for the host. 


(long) The Qualys vulnerability ID of the vulnerability. 


(long) Set to true if the QID is marked as disabled in 
your subscription. Set to false if the QID is not marked 
disabled. 


(string) The fully qualified domain name of the host. 


(boolean) Set to true if the vulnerability was detected 
over SSL. Set to false if the vulnerability was not 
detected over SSL. This element is not returned for 
information gathered. 
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updated 


ignored 


protocol 


port 


source 
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(date) The last date/time the vulnerability data was 
updated for the host. 


(boolean) Set to true if the QID/host/port is marked as 
ignored in your subscription. Set to false if the 
QID/host/port is not marked ignored. 


The protocol the vulnerability was detected on (TCP, 
UDP, ICMP). 


(integer) The port number the vulnerability was 
detected on. 


The vulnerability source (HOST, ORACLE, HSSQL, 
OTHER). 
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Asset Data Connector 


Get Connector Info 
/aps/rest/2.0/get/am/assetdataconnector/<id> 


[GET] 


Returns a single asset data connector by ID. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for the asset data connector. Learn more about limiting 
your results 


Permissions required - Managers with Full Scope. 


Sample - Fetch asset data connector info 


API request 


curl -n -u "USERNAME : PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/assetdataconnector/1 
2345" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset data connector.xsd"» 
«responseCode»SUCCESS« /responseCode» 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AssetDataConnector> 
<id>12345</id> 
<name>new connector</name> 
<awsAccountId>205767712438</awsAccountId> 
<lastSync>2014-11-26T08:44:05Z</lastSync> 
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<lastError>Invalid EC2 AuthRecord</lastError> 
<connectorState>ERROR</connectorState> 
<type>AWS</type> 
<defaultTags> 
<list> 
<TagSimple> 
<id>1</id> 
<name>EC2</name> 
</TagSimple> 
</list> 
</defaultTags> 
<activation> 
<ActivationModule>VM</ActivationModule> 
</activation> 
</AssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/asset_data_connector.xsd 
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Update Connector 
/aps/rest/2.0/update/am/assetdataconnector 
/aps/rest/2.0/update/am/assetdataconnector/<id> 


[GET] 


Updates writable fields and collections. Only the name and tags can be 
modified. 


Using the NOT EQUALS operator for updating connectors could result in 
accidental update of unknown connectors without any warning. To prevent 
accidental updates of unknown connectors, we do not support NOT EQUALS 
operator for update actions. 


Permissions required - Managers with Full Scope. 


Sample 1 - Change asset data connector name 


Change the name of the asset data connector with ID 12345 and add a tag 
with the ID of 1 to the defaultTags collection 


API request 


curl -u "USERNAME : PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/update/assetdataconnector/1 
2345" « file.xml 


Request POST data (file.xml): 
<?xml version="1.0" encoding-" UTF-8" ?> 
<ServiceRequest> 
<data> 
<AssetDataConnector> 
<name>Updated Name«/name» 
<defaultTags> 
<add> 
<TagSimple> 
<id>11751040</id> 
</TagSimple> 
</add> 
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</defaultTags> 
</AssetDataConnector> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema- 
instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xs 
d/2.0/am/asset data connector.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AssetDataConnector> 
<id>12345</id> 
<name>External VPC</name> 
<lastSync>2014-11-26T08:44:05Z</lastSync> 
<lastError /> 
<connectorState>SUCCESS</connectorState> 
<type>AWS</type> 
<defaultTags> 
Lost 
<TagSimple> 
<id>11751040</id> 
<name>EC2</name> 
</TagSimple> 
See 
</defaultTags> 
<activation> 
<ActivationModule>VM< /ActivationModule> 
</activation> 
</AssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 2 - Add a tag to connectors 


Add a tag to all asset data connectors who's names contain External 


API request 


170 


Qualys Asset Management & Tagging API 
Asset Data Connector 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/update/assetdataconnector/1 
2345« file.xml 


Request POST data (file.xml): 
«?xml version="1.0" encoding-"UTF-8" ?» 
<ServiceRequest> 
<filters> 
«Criteria field="name" operator="CONTAINS">External</Criteria> 
<filters> 
<data> 
<Asset> 
<tags> 
<add> 
<TagSimple><id>2</id></TagSimple> 
<add> 
</tags> 
</Asset> 
</data> 
</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset_data_connector.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>13</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AssetDataConnector> 
<id>12345</id> 
<name>External VPC</name> 
<lastSync>2014-11-26T08:44:05Z</lastSync> 
<lastError /> 
<connectorState>SUCCESS</connectorState> 
<type>AWS</type> 
<defaultTags> 
<list> 
<TagSimple> 
<id>2</id> 
<name>External</name> 
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</TagSimple> 
cet 
«/defaultTags» 
«activation» 
«ActivationModule»VM«/ActivationModule» 
«/activation» 
</AssetDataConnector> 


</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/asset_data_connector.xsd 
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Search Connectors 
/aps/rest/2.0/search/am/assetdataconnector 


[POST] 


Returns a list of asset data connectors that match the provided criteria. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for each asset data connector. Learn more about limiting 
your results 


Pagination - A maximum of 100 instances are returned by default. To 
customize this specify a “preferences” tag in the POST body of your request. 


Permissions required - Managers with Full Scope. 


Searchable fields 


Click here for available operators 


Parameter Description 

id (long) Primary key 
name (string) 
description (string) 

lastSynch (date) 

lastError (string) 


connectorState (Keyword) (AssetDataConnectorState) PENDING, 
SUCCESS, ERROR, QUEUED, RUNNING, 
PROCESSING, FINISHED_SUCCESS, 
FINISHED_ERRORS, DISABLED, INCOMPLETE, not 


173 


Qualys Asset Management & Tagging API 
Asset Data Connector 


writeable. 
activation (Keyword) VM, PC, SCA, CERTVIEW 
defaultTags.name (Text) The name of a tag in the defaultTags collection 
defaultTag (Integer) The ID of a tag in the defaultTags collection 


disabled (boolean) Whether execution of the connector is 
disabled (YES). If disabled the connector will not 
synchronize assets. 


awsAccountld (Long) The AWS account ID an asset data connector 
is connecting to. 


Sample - Find all asset data connectors with tag name USA 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/assetdataconnecto 


r" « file.xml 
Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding-" UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="defaultTags.name" 
operator="EQUALS">USA</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 

<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset data connector.xsd"» 
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<responseCode>SUCCESS</responseCode> 
<count>13</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AssetDataConnector> 
<id>12345</id> 
<name>DB1</name> 
«awsAccountId»205767712438«/awsAccountId» 
<lastSync>2014-11-26T08:44:05Z</lastSync> 
<lastError /> 
<connectorState>SUCCESS</connectorState> 
<type>AWS</type> 
<defaultTags> 
<list> 
<TagSimple> 
<id>3</id> 
«name»USA«/name» 
«/TagSimple» 
ede 
</defaultTags> 
<activation> 
<ActivationModule>VM</ActivationModule> 
<ActivationModule>PC</ActivationModule> 
</activation> 
</AssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/asset_data_connector.xsd 
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Count Connectors 
/aps/rest/2.0/count/am/assetdataconnector 


[POST] 


Returns the number of asset data connectors that match the provided criteria. 


Permissions required - Managers with Full Scope. 


Sample - Count connectors 


Count the number of asset data connectors with the tag name USA 


API request 


curl -u "USERNAME : PASSWORD" 
"https: //qualysapi.qualys.com/qps/rest/2.0/count/am/assetdataconnector 
"< file.xml 


Request POST data (file.xml): 
<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 

<filters> 

<Criteria field="defaultTags.name" 

operator="EQUALS">USA</Criteria> 

</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset data connector.xsd"» 

<responseCode>SUCCESS</responseCode> 

<count>1</count> 
</ServiceResponse> 


XSD 
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<platform API server>/qps/xsd/2.0/am/asset_data_connector.xsd 
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Delete Connector 
/aps/rest/2.0/delete/am/assetdataconnector 
/aps/rest/2.0/delete/am/assetdataconnector/<id> 


[POST] 


Delete one or more asset data connectors. 


Using the NOT EQUALS operator for deleting connectors could result in 
accidental deletion of unknown connectors without any warning. To prevent 
accidental deletion of unknown connectors, we do not support NOT EQUALS 
operator for delete actions. 


Permissions required - Managers with Full Scope. 


Sample 1 - Delete a single asset data connector 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/delete/am/assetdataconnecto 
r/12345" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset_data_connector.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AssetDataConnector> 
<id>12345</id> 
</AssetDataConnector> 
</data> 
</ServiceResponse> 
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Sample 2 - Delete several asset data connectors tagged with the To 
Delete tag 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/delete/am/assetdataconnecto 


r" « file.xml 


Request POST data (file.xml): 
<?xml version="1.0" encoding-"UTF-8" ?» 
<ServiceRequest> 

<filters> 

<Criteria field="tagName" operator="EQUALS">To 

Delete«/Criteria» 

«/filters» 
</ServiceRequest> 


XML output 


<?xml versionz"1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/asset_data_connector.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AssetDataConnector> 
<id>1972521</id> 
</AssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/asset_data_connector.xsd 
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Run Connector 
/aps/rest/2.0/run/am/assetdataconnector 
/aps/rest/2.0/run/am/assetdataconnector/<id> 


[POST] 


Request that one or more asset data connectors are run. The connectors may 
be run immediately, or queued to run when there is capacity. The response 
will almost always indicate that the connector is pending. Use GET calls to 
monitor the status of connectors. 


Permissions required - Managers with Full Scope. 


Sample 1 - Run a single connector 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/run/am/assetdataconnector/1 
2345" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/xsd/2.0/am 
/asset_data_connector.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AssetDataConnector> 
<id>12345</id> 
<name>DB1</name> 
<lastSync>2014-11-26T08:44:05Z</lastSync> 
<lastError /> 
<connectorState>SUCCESS</connectorState> 
<type>AWS</type> 
<defaultTags> 
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<list> 
<TagSimple> 
<id>3</id> 
<name>USA</name> 
</TagSimple> 
</list> 
</defaultTags> 
<activation> 
<ActivationModule>VM</ActivationModule> 
<ActivationModule>PC</ActivationModule> 
</activation> 
</AssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 2 - Re-run all errored connectors 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/run/am/assetdataconnector" 
« file.xml 


Request POST data (file.xml): 
<?xml version="1.0" encoding-" UTF-8" ?» 
<ServiceRequest> 

<filters> 

<Criteria field="connectorState" 

operator="EQUALS">ERROR</Criteria> 

</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/xsd/2.0/am 
/asset_data_connector.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>13</count> 

<hasMoreRecords>false</hasMoreRecords> 

<data> 

<AssetDataConnector> 
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<id>12345</id> 
<name>DB1</name> 
<lastSync>2014-11-26T08:44:05Z</lastSync> 


<AssetDataConnector> 
<id>12346</id> 


<name>DB2</name> 
<lastSync>2015-01-07T01:50:05Z</lastSync> 


XSD 


<platform API server>/qps/xsd/2.0/am/asset_data_connector.xsd 
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Field name 


id 


name 
description 


lastSynch 


lastError 


connectorState 


type 


defaultTags 


activation 
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Fields 


Description 


(long) Primary key, not 
writeable 


(string) 
(string) 


(date) Last synch date, not 
writeable 


(string) Last error, not 
writeable 


(AssetDataConnectorState) 
PENDING, SUCCESS, 
ERROR, QUEUED, 
RUNNING, PROCESSING, 
FINISHED_SUCCESS, 
FINISHED_ERRORS, 
DISABLED, INCOMPLETE, 
not writeable 


(AssetDataConnectorType) 
AWS, not writeable 


(TagSimpleQList) Tags 
applied to any asset 
discovered by the 
connector 


(List<ActivationModule>) 
Assets discovered by the 
connector will be activated 
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Writable 


No 


Yes 


Yes 


No 


No 


No 


No 


Yes 


Yes 


disabled 


awsAccountld 


Associations 
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for the modules specified 


(boolean) Whether Yes 
execution of the connector 

is disabled (YES). If 

disabled the connector will 

not synchronize assets. 


The AWS account ID an No 
asset data connector is 
connecting to. 


TagSimpleQList - Asset tags to be applied to assets found by the connector. 
This collection to be added to and removed from by providing a tag ID 
wrapped in a TagSimple element. 


TagSimple 


id 


name 


(long) Primary key 


(string) Tag name 
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AWS Asset Data Connector 


Get AWS Connector Info 


/aps/rest/2.0/get/am/awsassetdataconnector/<id> 


[GET] 


Returns a single AWS connector by ID. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for the AWS connector. Learn more about limiting your 
results 


Permissions required - Managers with full scope. 


Sample 1 - Fetch the asset data connector with the ID 12345 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/awsassetdataconnecto 
r/12345" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="httpd://qualysapi.qualys.com/qps/xsd/2. 
0/am/aws asset data-connector.xsd"» 
«responseCode»SUCCESS« /responseCode» 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AwsAssetDataConnector> 
<id>12345</id> 
<name>new connector</name> 
<awsAccountId>205767712438</awsAccountId> 
<lastSync>2014-11-26T09:27:48Z</lastSync> 
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<lastError>Invalid EC2 AuthRecord</lastError> 
<connectorState>ERROR</connectorState> 
<type>AWS</type> 
<defaultTags> 
<list> 
<TagSimple> 
<id>1</id> 
<name>EC2</name> 
</TagSimple> 
</list> 
</defaultTags> 
<activation> 
<list> 
<ActivationModule>VM</ActivationModule> 
<ActivationModule>CLOUDVIEW</ActivationModule> 
ede 
</activation> 
<authRecord> 
<id>1</id> 
<name>my ec2</name> 
</authRecord> 
<endpoints> 
lis 
</endpoints> 
<allRegions>true</allRegions> 
</AwsAssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 2 - Fetch the EC2 connector information with the ID 78801, 
that has CertView module activated. 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/assetdataconnector/7 
8801" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://v- 
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qpsi.dev.qualys.com:8080/portal- 
api/xsd/2.0/am/asset data connector.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AssetDataConnector> 
<id>78801</id> 
<name>cv</name> 
<awsAccountId>383031258652</awsAccountId> 
<lastSync>2019-02-12T23:58:05Z</lastSync> 
«connectorState»FINISHED SUCCESS«/connectorState» 
«type»AWS«/type» 
«activation» 

«list» 
<ActivationModule>CERTVIEW</ActivationModule> 
<ActivationModule>VM</ActivationModule> 

«dst 

</activation> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<isChinaConfigured>false</isChinaConfigured> 
</AssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 3 - Get connector details 


Here’s how to get details on a connector using GET request. This connector is 
using ARN. For more information on ARN authentication, refer to Support for 
Cross-Account Role Authentication. 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https: //qualysapi.qualys.com/qps/rest/2.0/get/am/awsassetdataconn 
ector/19201" 


Response 


<?xml versionz"1.0" encoding="UTF-8"?> 

<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/2.0 
/am 

/aws asset data connector.xsd"» responseCode»SUCCESS«/responseCode» 
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<count>1</count> 
<data> 
<AwsAssetDataConnector> 
<id>19201</id> 
<name>user_john</name> 
<awsAccountId>205767712438</awsAccountId> 
<lastSync>2018-02-15T12:51:00Z</lastSync> 
«connectorState»FINISHED SUCCESS«/connectorState» 
«type»AWS«/type» 
<defaultTags> 
<list/> 
</defaultTags> 
<activation> 
<list> 
<ActivationModule>CLOUDVIEW</ActivationModule> 
Se 
</activation> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
«arn»arn:aws:iam::205767712438:role/qualys dev test«/arn» 
«externalld»1518689351038«/externalld» 
<qualysAwsAccountId>383031258652</qualysAwsAccountId> 
<authRecord1/> 
<endpoints> 
<list> 
<AwsEndpointSimple> 
<regionCode>ap-south-1</regionCode> 
</AwsEndpointSimple> 
«pls 
</endpoints> 
<allRegions>false</allRegions> 
</AwsAssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/aws_asset_data_connector.xsd 
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Create AWS Connector 


/aps/rest/2.0/create/am/awsassetdataconnector 


[POST] 


Creates an AWS asset data connector. 


disabled (boolean) is used to disable an EC2 connector. This parameter can 
be set for a “create” or “update” request. When set to “true” the connector is 
disabled and will not run. 


- If a single connector is run and it is disabled an error is returned. 
- If multiple connectors are run and all are disabled an error is returned. 


- If multiple connectors are run and some are disabled, only connectors that 
are enabled will run. 


Permissions required - Managers with full scope. 


Sample 1 - Create new AWS asset data connector 


API request 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne 
ctor" < file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector> 
<name>new connector</name> 
<defaultTags> 
<set> 
<TagSimple> 
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<«id>l</id> 
</TagSimple> 
</set> 
</defaultTags> 
<activation> 
<set> 
<ActivationModule>VM</ActivationModule> 
</set> 
</activation> 
<authRecord> 
<id>1</id> 
</authRecord> 
<allRegions>true</allRegions> 
</AwsAssetDataConnector> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/aws asset data-connector.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>13</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AwsAssetDataConnector> 
<id>12345</id> 
<name>new connector</name> 
<lastSync /> 
<lastError /> 
<connectorState>PENDING</connectorState> 
<type>AWS</type> 
<defaultTags> 
iE E 
<TagSimple> 
<id>1</id> 
<name>EC2</name> 
</TagSimple> 
ed EEEa 
</defaultTags> 
<activation> 
<ActivationModule>VM</ActivationModule> 
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</activation> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<authRecord> 
<id>1</id> 
<name>my ec2</name> 
</authRecord> 
<endpoints> 
<list/> 
</endpoints> 
<allRegions>true</allRegions> 
</AwsAssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 2 - Create new AWS asset data connector in disabled state 


API request 


curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 

"https: //qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne 
ctor" < file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector > 
<name>conn-disabled</name> 
<activation> 
<set> 
<ActivationModule>VM</ActivationModule> 
<ActivationModule>PC</ActivationModule> 
</set> 
</activation> 
<authRecord> 
<id>90802</id> 
</authRecord> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<allRegions>true</allRegions> 
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<disabled>true</disabled> 
</AwsAssetDataConnector> 
</data> 
</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/aws asset data-connector.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AwsAssetDataConnector> 
<id>254401</id> 
<name>disabled-connector</name> 
<connectorState>DISABLED</connectorState> 
<type>AWS</type> 
<defaultTags> 
<list/> 
</defaultTags> 
<activation> 
ei E Ez 
<ActivationModule>VM</ActivationModule> 
<ActivationModule>PC</ActivationModule> 
</list> 
</activation> 
<disabled>true</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<authRecord/> 
<endpoints> 
<list> 
<AwsEndpointSimple> 
<regionCode>us -west-1</regionCode> 
</AwsEndpointSimple> 
<AwsEndpointSimple> 
«regionCode»ap-northeast-1«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»eu-west-1«/regionCode» 
«/AwsEndpointSimple» 


«AwsEndpointSimple» 
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«regionCode»us-east-2«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 

«regionCode»me-south-1«/regionCode» 
«/AwsEndpointSimple» 

List 
</endpoints> 
<allRegions>true</allRegions> 
</AwsAssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 3 - Create new AWS asset data connector to be available in 
the CloudView App 


API request 


curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne 
ctor" « file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding-"UTF-8" ?» 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector> 
<name>ARN Connector</name> 
<arn>arn:aws:iam: : 205767712433: role/qualys-demo-account</arn> 
<externalId>123456789123</externalId> 
<allRegions>true</allRegions> 
<useForCloudView>true</useForCloudView> 
</AwsAssetDataConnector> 
</data> 
</ServiceRequest> 


Response 
<?xml version="1.0" encoding="UTF-8"?> 
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<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
@/am/aws_asset_data_connector.xsd">'' 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AwsAssetDataConnector> 
<id>266408</id> 
<name>conn1</name> 
<awsAccountId> 205767712433</awsAccountId> 
<connectorState>QUEUED</connectorState> 
<type>AWS</type> 
<activation> 
<list> 
<ActivationModule>CLOUDVIEW< /ActivationModule> 
</list> 
</activation> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<isChinaConfigured>false</isChinaConfigured> 
«arn»arn:aws:iam::205767712433:role/qualys-demo- 
account</arn> 
<externalId>123456789123</externalId> 
<qualysAwsAccountId>205767712438</qualysAwsAccountId> 
<authRecord/> 
<endpoints> 
<list> 
<AwsEndpointSimple> 
<regionCode>us -west-1</regionCode> 
</AwsEndpointSimple> 
<AwsEndpointSimple> 
<regionCode>ap-northeast -1</regionCode> 
</AwsEndpointSimple> 


ist 
</endpoints> 
<allRegions>true</allRegions> 
</AwsAssetDataConnector> 


</data> 
</ServiceResponse> 


Sample 4 - Create connectors to include CERTVIEW module 
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API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne 
ctor/" < file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector> 
<name>ARN_Global</name> 
<arn>arn: aws:iam: : 705355653965: role/Demo-PODs</arn> 
<externalId></externalId> 
<allRegions>true</allRegions> 
<activation> 
<set> 
<ActivationModule>VM</ActivationModule> 
<ActivationModule>CERTVIEW</ActivationModule> 
</set> 
</activation> 
</AwsAssetDataConnector> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/aws asset data connector.xsd"» 
«responseCode»SUCCESS«/responseCode» 
<count>1</count> 
<data> 
<AwsAssetDataConnector> 
<id>566601</id> 
<name>ARN_Global</name> 
<awsAccountId>705355653965</awsAccountId> 
<connectorState>QUEUED</connectorState> 
<type>AWS</type> 
<activation> 
<list> 
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<ActivationModule>CERTVIEW</ActivationModule> 
<ActivationModule>VM</ActivationModule> 
cust 
«/activation» 
«disabled»false«/disabled» 
«isGovCloudConfigured»false«/isGovCloudConfigured» 
«isChinaConfigured»false«/isChinaConfigured» 
«arn»arn:aws:iam::705355653965:role/Demo-PODs«/arn» 
«externalld»1550261312725«/externalld» 
<qualysAwsAccountId>383031258652</qualysAwsAccountId> 
<authRecord/> 
<endpoints> 
<list> 
<AwsEndpointSimple> 
«regionCode»us-west-1«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»ap-northeast-1«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»eu-west-1«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»eu-central-1«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»ap-southeast-1«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»us-east-1«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»ca-central-1«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»eu-west-2«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»ap-southeast-2«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»sa-east-1«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
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<regionCode>ap-northeast -2</regionCode> 
</AwsEndpointSimple> 
<AwsEndpointSimple> 
<regionCode>ap-south-1</regionCode> 
</AwsEndpointSimple> 
<AwsEndpointSimple> 
<regionCode>us -west-2</regionCode> 
</AwsEndpointSimple> 
<AwsEndpointSimple> 
<regionCode>us -east-2</regionCode> 
</AwsEndpointSimple> 
<AwsEndpointSimple> 
«regionCode»eu-west-3«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»me-south-1«/regionCode» 
«/AwsEndpointSimple» 
</list> 
</endpoints> 
<allRegions>true</allRegions> 
</AwsAssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/aws_asset_data-connector.xsd 
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Support for AWS GovCloud 


/aps/rest/2.0/create/am/awsassetdataconnector 


[POST] 


Creates an AWS asset data connector for GovCloud regions: us-gov-west-1 
and us-gov-east-1. 


disabled (boolean) is used to disable an EC2 connector. This parameter can 
be set for a “create” or “update” request. When set to “true” the connector is 
disabled and will not run. 


- If a single connector is run and it is disabled an error is returned. 
- If multiple connectors are run and all are disabled an error is returned. 


- If multiple connectors are run and some are disabled, only connectors that 
are enabled will run. 


Permissions required - Managers with full scope. 


Sample - Create new AWS asset data connector for GovCloud 


API request 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne 
ctor" < file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector> 
<name>gov-cloud</name> 
<activation> 
<set> 


198 


Qualys Asset Management & Tagging API 
AWS Asset Data Connector 


<ActivationModule>VM</ActivationModule> 
<ActivationModule>PC</ActivationModule> 
</set> 
</activation> 
<isGovCloudConfigured>true</isGovCloudConfigured> 
<authRecord> 
<id>134601</id> 
</authRecord> 
<allRegions>false</allRegions> 
<disabled>false</disabled> 
</AwsAssetDataConnector> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
@/am/aws_asset_data-connector.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AwsAssetDataConnector> 
<id>149008</id> 
<name>gov-cloud</name> 
<awsAccountId>205767712438</awsAccountId> 
<connectorState>PENDING</connectorState> 
<type>AWS</type> 
<defaultTags> 
<list/> 
</defaultTags> 
<activation> 
<list> 
<ActivationModule>VM</ActivationModule> 
<ActivationModule>PC</ActivationModule> 
</list> 
</activation> 
<disabled>false</disabled> 
<isGovCloudConfigured>true</isGovCloudConfigured> 
<authRecord/> 
<endpoints> 
ks 
<AwsEndpointSimple> 
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<regionCode>us-gov-west-1</regionCode> 
<regionCode>us-gov-east-1</regionCode> 
</AwsEndpointSimple> 
</list> 
</endpoints> 
<allRegions>false</allRegions> 
</AwsAssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/aws_asset_data-connector.xsd 
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Support for China Region 
/aps/rest/2.0/create/am/awsassetdataconnector 


[POST] 


Creates an AWS asset data connector for China regions: cn-north-1 and cn- 
northwest-1. 


You can easily scan EC2 instances included in the AWS China region for 
vulnerabilities and policy compliance using the Qualys Cloud Platform. You 
can create/update EC2 connectors to pull instance info from the China region, 
activate discovered instances for the VM, PC or SCA module, and scan them 
using our EC2 scan workflow. 


isChinaConfigured (boolean) is used to enable the China region for an 
EC2connector using the AWS Asset Data Connector API 
(awsassetdataconnector). This parameter can be set for a “create” or 
“update” request, and is valid only when AWS China option is enabled for 
your subscription. 


When isChinaConfigured is set to “true” 
- The connector is configured to pull instance info from the China region only. 
- The connector can’t be configured with allRegions set to “true”. 


Permissions required - Managers with full scope. 


Sample - Create new AWS asset data connector for China region 


API request 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" 
--data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne 
ctor“ < file.xml 

Note: file.xml contains request POST data 


Request POST data 
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<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector> 
«name»cn-conni«/name» 
«authRecord» 
<id>132601</id> 
</authRecord> 
<endpoints> 
<add> 
<AwsEndpointSimple> 
<regionCode>cn-north-1</regionCode> 
</AwsEndpointSimple> 
<AwsEndpointSimple> 
<regionCode>cn-northwest-1</regionCode> 
</AwsEndpointSimple> 
</add> 
</endpoints> 
<isChinaConfigured>true</isChinaConfigured> 
<disabled>false</disabled> 
</AwsAssetDataConnector> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/aws asset data connector.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AwsAssetDataConnector> 
<id>136605</id> 
«name»cn-conni«/name» 
<awsAccountId>205767712438</awsAccountId> 
«connectorState»QUEUED« / connectorState» 
«type»AWS«/type» 
<defaultTags> 
ezeze 
</defaultTags> 
<activation> 
<list> 
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</activation> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<isChinaConfigured>true</isChinaConfigured> 
<authRecord> 
<id>132601</id> 
«name»china-auth«/name» 
</authRecord> 
<endpoints> 
<list> 
<AwsEndpointSimple> 
<regionCode>cn-north-1</regionCode> 
</AwsEndpointSimple> 
<AwsEndpointSimple> 
<regionCode>cn-northwest-1</regionCode> 
</AwsEndpointSimple> 
</list> 
</endpoints> 
<allRegions>false</allRegions> 
</AwsAssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/aws_asset_data_connector.xsd 
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Support for Cross-Account Role Authentication 
/aps/rest/2.0/create/am/awsassetdataconnector 


[POST] 


Creates an AWS asset data connector using Cross-Account Role 
Authentication. 


Qualys supports the creation of EC2 connectors using a cross-account access 
role. This allows you to grant Qualys access to your AWS EC2 instances 
without sharing your AWS security credentials. Qualys will access your AWS 
EC2 instances by assuming the IAM role that you create in your AWS account. 


To get started you'll need an IAM role created using your AWS account.You 
can update your existing EC2 connectors to now use cross-account access 
roles. Note that this migration of your existing EC2 connector to cross 
account role is unidirectional and cannot be reverted. 


You can create only one connector for each unique AWS account. It’s 
recommended that you merge multiple EC2 connectors into one by removing 
duplicate connectors before you upgrade to ARN. 


Permissions required - Managers with full scope. 


Sample 1 - Create a new connector 


Create connector when you already have the ARN generated from your AWS 
account 


API request 


curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" 
--data-binary @- 

"https: //qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne 
ctor" < file.xml 

Note: "file.xml" contains the request POST data. 


Request POST data 
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<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector> 
<name>user_john</name> 
<arn>arn: aws: iam: : 705355653965: role/ARN_UPGRADE</arn> 
<externalId>1234567890</externalId> 
<endpoints> 
<add> 
<AwsEndpointSimple> 
<regionCode>ap-south-1</regionCode> 
</AwsEndpointSimple> 
</add> 
</endpoints> 
<disabled>false</disabled> 
</AwsAssetDataConnector> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/2.0 
/am/aws asset data connector.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AwsAssetDataConnector> 
<id>19803</id> 
<name>user_john</name> 
<awsAccountId>205767712438</awsAccountId> 
<connectorState>QUEUED</connectorState> 
<type>AWS</type> 
<defaultTags> 
<list/> 
</defaultTags> 
<activation> 
<list/> 
</activation> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<isChinaConfigured>false</isChinaConfigured> 
<arn>arn:aws:iam::705355653965:role/ARN_UPGRADE</arn> 
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<externalId>1234567890</externalId> 
<qualysAwsAccountId>383031258652</qualysAwsAccountId> 
<authRecord/> 
<endpoints> 
<list> 
<AwsEndpointSimple> 
<regionCode>ap-south-1</regionCode> 
</AwsEndpointSimple> 
</list> 
</endpoints> 
<allRegions>false</allRegions> 
</AwsAssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 2 - Create a new connector when you want to provide the 
ARN later 


If you have dependencies and cannot provide the ARN at the time of creation, 
you could always provide the ARN at a later stage. In this case, the AWS 
connector is created with an INCOMPLETE state. 


API request 


curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" 
--data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne 
ctor" « file.xml 
Note: "file.xml" contains the request POST data. 
Request POST data (file.xml): 
<?xml version="1.0" encoding-" UTF-8"?» 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector> 

<name>user_john</name> 

<endpoints> 

<add> 

<AwsEndpointSimple> 

<regionCode>ap-south-1</regionCode> 

</AwsEndpointSimple> 

</add> 

</endpoints> 

<disabled>false</disabled> 
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</AwsAssetDataConnector> 
</data> 


</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 

<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/2.0 
/am/aws_asset_data_connector.xsd"> 
<responseCode>SUCCESS</responseCode> 


<count>1</count> 
<data> 
<AwsAssetDataConnector> 
<id>19201</id> 
«name»my-aws-connector«/name» 
<awsAccountId>205767712438</awsAccountId> 
<connectorState>INCOMPLETE</connectorState> 
<type>AWS</type> 
<defaultTags> 
<list/> 
</defaultTags> 
<activation> 
<list/> 
</activation> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<externalId>1518689351038</externalId> 
<qualysAwsAccountId>383031258652</qualysAwsAccountId> 
<endpoints> 
sus 
«AwsEndpointSimple» 
«regionCode»ap-south-1«/regionCode» 
«/AwsEndpointSimple» 
</list> 
</endpoints> 
<allRegions>false</allRegions> 
</AwsAssetDataConnector> 
</data> 


</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/aws_asset_data-connector.xsd 
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Update AWS Connector 


/aps/rest/2.0/update/am/awsassetdataconnector 
/aps/rest/2.0/update/am/awsassetdataconnector/<id> 


[POST] 


Updates writable fields and collections. 


Using the NOT EQUALS operator for updating AWS connectors could result 
in accidental update of unknown AWS connectors without any warning. To 
prevent accidental updates of unknown AWS connectors, we do not support 
NOT EQUALS operator for update actions. 


Permissions required - Managers with full scope. 


Sample 1 - Update AWS connector name 


Change the name of an asset data connector with ID of 12345, add a tag with 
the ID of 1 to the defaultTags collection, and add us-east-1 as scanned region 


API request 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/update/am/awsassetdataconne 
ctor/12345° < a NICE OH 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector> 
<name>Updated Name«/name» 
<defaultTags> 
<add> 
<TagSimple> 
<id>1</id> 
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</TagSimple> 
</add> 
</defaultTags> 
<endpoints> 
<add> 
<AwsEndpointSimple> 
<regionCode>us -east-1</regionCode> 
</AwsEndpointSimple> 
<AwsEndpointSimple> 
<regionCode>me-south-1</regionCode> 
</AwsEndpointSimple> 
<add> 
<endpoints> 
</AwsAssetDataConnector> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/aws asset data connector.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AssetDataConnector> 
<id>12345</id> 
<name>External VPC</name> 
<lastSync>2014-11-26T08:44:05Z</lastSync> 
<lastError /> 
<connectorState>SUCCESS</connectorState> 
<type>AWS</type> 
<defaultTags> 
List 
<TagSimple> 
<id>1</id> 
<name>EC2</name> 
</TagSimple> 
ed EEEa 
</defaultTags> 
<activation> 
<ActivationModule>VM< /ActivationModule> 
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</activation> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
</AssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 2 - Update existing key-based connector to cross-account 
role 


Here’s how to update an existing connector to use a cross-access account 
role. You'll need the ARN generated from your AWS account. Note that this 
migration of your existing EC2 connector to cross account role is 
unidirectional and cannot be reverted. 


API request 


curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" 
--data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/update/am/awsassetdataconne 
ctor/12345" « file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding-" UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector> 
«arn»arn:aws:iam::205767712438:role/qualys dev test</arn> 
<externalId>123456789</externalId> 
</AwsAssetDataConnector> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
«ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/2.0 
/am/aws asset data connector.xsd"» 
<responseCode>SUCCESS</responseCode> 

<count>1</count> 
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<data> 
<AwsAssetDataConnector> 
<id>19201</id> 
</AwsAssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 3 - Update existing AWS asset data connector to make it 
available in the CloudView App 


Change the name of an asset data connector with ID of 12345, add a tag with 
the ID of 1 to the defaultTags collection, and add us-east-1 as scanned region 


API request 


curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/update/am/awsassetdataconne 
ctor/266203" < file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector> 
<useForCloudView>true</useForCloudView> 
</AwsAssetDataConnector> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/aws asset data connector.xsd"» 

«responseCode»SUCCESS«/responseCode» 

<count>1</count> 

<data> 

<AwsAssetDataConnector> 
<id>266203</id> 
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</AwsAssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 4 - Update existing AWS asset data connector to include 
CertView module 


Change the name of an asset data connector with ID of 12345, add a tag with 
the ID of 1 to the defaultTags collection, and add us-east-1 as scanned region 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 

"https: //qualysapi.qualys.com/qps/rest/2.@/update/am/awsassetdataconne 
ctor/80201" 

< file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAssetDataConnector> 
<name>new connector-edit</name> 
<activation> 
<add> 
<ActivationModule>CERTVIEW</ActivationModule> 
</add> 
</activation> 
</AwsAssetDataConnector> 
</data> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 

<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 

xsi:noNamespaceSchemaLocation="http://v- 

qpsi.dev.qualys.com:8080/portal- 

api/xsd/2.0/am/aws asset data connector.xsd"» 
«responseCode»SUCCESS«/responseCode» 


212 


Qualys Asset Management & Tagging API 
AWS Asset Data Connector 


<count>1</count> 
<data> 
<AwsAssetDataConnector> 
<id>80201</id> 
</AwsAssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/aws_asset_data_connector.xsd 
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Search AWS Connectors 
/aps/rest/2.0/search/am/awsassetdataconnector 


[POST] 


Returns a list of AWS connectors that match the provided criteria. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for each AWS connector. Learn more about limiting your 
results 


Pagination - A maximum of 100 instances are returned by default. To 
customize this specify a “preferences” tag in the POST body of your request. 


Permissions required - Managers with full scope. 


Searchable fields 


Click here for available operators 


Parameter Description 

id (Integer) Primary key 
name (Text) 

description (Text) 

lastSync (Date) 

lastError (Text) 


connectorState (Keyword) (AssetDataConnectorState) PENDING, 
SUCCESS, ERROR, QUEUED, RUNNING, 
PROCESSING, FINISHED_SUCCESS, 
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FINISHED_ERRORS, DISABLED, INCOMPLETE, not 
writeable 


activation (Keyword) VM, PC, SCA, CERTVIEW 


defaultTags.name (Text) The name of a tag in the defaultTags collection 


defaultTag (Integer) The ID of a tag in the defaultTags collection 
allRegions (Boolean) 
serviceType (Keyword) EC2 


endpoint.region (Text) AWS region code 
authRecord (Integer) The ID of the authentication record 
authRecord.name (Text) The name of the authentication record 


disabled (Boolean) Whether execution of the connector is 
disabled (YES). If disabled the connector will not 
synchronize assets. 


Sample 1 - Find all asset data connectors with tag name USA 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/awsassetdataconne 
ctor” < file. xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="defaultTags.name" 
operator="EQUALS">USA</Criteria> 
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</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/xsd/2.0/am 
/aws_asset_data_connector.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>13</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AwsAssetDataConnector> 
<id>12345</id> 
<name>NEW Connector</name> 
<awsAccountId>205767712438</awsAccountId> 
<lastSync>2014-11-26T09:27:48Z</lastSync> 
<lastError>Invalid EC2 AuthRecord</lastError> 
<connectorState>ERROR</connectorState> 
<type>AWS</type> 
<defaultTags> 
EEE 
<TagSimple> 
<id>1</id> 
«name»USA« /name» 
«/TagSimple» 
bust 
«/defaultTags» 
«activation/» 
<authRecord> 
<id>1</id> 
<name>my ec2</name> 
</authRecord> 
<endpoints> 
e EEE 
<AwsEndpointSimple> 
<regionCode>us-east-1</regionCode> 
</AwsEndpointSimple> 
<iis t> 
</endpoints> 
<allRegions>false</allRegions> 
</AwsAssetDataConnector> 
</data> 
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</ServiceResponse> 


Sample 2 - Search AWS asset data connectors that are made 
available in the CloudView App 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/awsassetdataconne 
ctor“ < file. xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="activation" 
operator="EQUALS" >CLOUDVIEW</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
@/am/aws_asset_data_connector.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AwsAssetDataConnector> 
<id>266408</id> 
«name»conni«/name» 
<awsAccountId>205767712433</awsAccountId> 
<connectorState>QUEUED</connectorState> 
<type>AWS</type> 
<activation> 
<list> 
<ActivationModule>CLOUDVIEW< /ActivationModule> 
</list> 
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</activation> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<isChinaConfigured>false</isChinaConfigured> 
<arn> arn:aws:iam::205767712433:role/qualys-demo- 
account</arn> 
<externalId>123456789123</externalId> 
<qualysAwsAccountId>205767712438</qualysAwsAccountId> 
<authRecord/> 
<endpoints> 
<list> 
<AwsEndpointSimple> 
«regionCode»us-west-1«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 
«regionCode»ap-northeast-1«/regionCode» 
«/AwsEndpointSimple» 
«AwsEndpointSimple» 


c ist 
</endpoints> 
<allRegions>true</allRegions> 
</AwsAssetDataConnector> 


</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/aws_asset_data_connector.xsd 
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Count AWS Connectors 


/aps/rest/2.0/count/am/awsassetdataconnector 


[POST] 


Returns the number of AWS connectors that match the provided criteria. 


Permissions required - Managers with full scope. 


Sample - Get count of AWS connectors 


Count the number of AWS connectors with the tag name USA 


API request 


curl -u "USERNAME : PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/count/am/assetdataconnector 
"< file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding-" UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="defaultTags.name" 
operator="EQUALS">USA</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/aws asset data connector.xsd"» 
«responseCode»SUCCESS«/responseCode» 
<count>1</count> 
</ServiceResponse> 
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XSD 


<platform API server>/qps/xsd/2.0/am/aws_asset_data_connector.xsd 
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Delete AWS Connector 


/aps/rest/2.0/delete/am/awsassetdataconnector 
/aps/rest/2.0/delete/am/awsassetdataconnector/<id> 


[POST] 


Delete one or more AWS connectors. 


Using the NOT EQUALS operator for deleting AWS connectors could result in 
accidental deletion of AWS connectors without any warning. To prevent 
accidental deletion of unknown AWS connectors, we do not support NOT 
EQUALS operator for delete actions. 


Permissions required - Managers with full scope. 


Sample 1 - Delete a single AWS connector 


API request 


curl -n -u "USERNAME: PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/delete/am/awsassetdataconne 
ctor/12345" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/aws asset data connector.xsd"» 

<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<data> 

<AssetDataConnector><id>12345</id></AssetDataConnector> 

</data> 

</ServiceResponse> 


Sample 2 - Delete several AWS connectors tagged with the To 
Delete tag 


221 


Qualys Asset Management & Tagging API 
AWS Asset Data Connector 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/delete/am/awsassetdataconne 
ctor“ < file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="tagName" operator="EQUALS">To 
Delete</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/aws asset data connector.xsd"» 
«responseCode»SUCCESS«/responseCode» 
<count>1</count> 
<data> 
<AssetDataConnector> 
<id>1972521</id> 
</AssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/aws_asset_data_connector.xsd 
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Run AWS Connector 

/aps/rest/2.0/run/am/assetdataconnector 
/aps/rest/2.0/run/am/assetdataconnector/<id> 

[POST] 

Request that one or more asset data connectors are run. The connectors may 
be run immediately, or queued to run when there is capacity. The response 
will almost always indicate that the connector is pending. Use GET calls to 
monitor the status of connectors. 


Permissions required - Managers with full scope. 


See Run Connector 
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Field name 


id 


name 
description 


lastSynch 


lastError 


connectorState 


type 


defaultTags 


activation 


Description 


(long) Primary key, not 
writeable 


(string) 
(string) 


(date) Last synch date, not 
writeable 


(string) Last error, not 
writeable 


(AssetDataConnectorState) 
PENDING, SUCCESS, 
ERROR, QUEUED, 
RUNNING, PROCESSING, 
FINISHED_SUCCESS, 
FINISHED_ERRORS, 
DISABLED, INCOMPLETE, 
not writeable 


(AssetDataConnectorType) 
AWS, not writeable 


(TagSimpleQList) Tags 
applied to any asset 
discovered by the 
connector 


(List<ActivationModule>) 
Assets discovered by the 
connector will be activated 
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Writable 


No 


Yes 


Yes 


No 


No 


No 


No 


Yes 


Yes 


authRecord 


serviceType 


allRegions 


disabled 


arn 


externalld 


awsAccountld 


useForCloudView 
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for the modules specified 


(AwsAuthRecordSimple) Yes 
The AWS authentication 

record the connector will 

use to connect to AWS. 

When writing/updating it is 
looked up by the ID field. 


(AwsServiceType) EC2 Yes 


(boolean) If true the end Yes 
point’s collection will be 

ignored an all AWS regions 
scanned 


(boolean) Whether Yes 
execution of the connector 

is disabled (YES). If 

disabled the connector will 

not synchronize assets. 


Generated by AWS. Ensure Yes 
that you provide the same 

ARN that is generated by 

AWS. 


Random string which is Yes 
unique for each user. 


The AWS account ID an No 
AWS asset data connector 
is connecting to. 


(boolean) If true the Yes 
connector is made 

available in the CloudView 

App. 
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Associations 


AwsEndointSimpleQList - A basic wrapper with one field: regionCode. This is 
the AWS region code, e.g. us-east-1. 


AwsAuthRecordSimple - The authentication record a connector will use to 


communicate with AWS. id (long) is the connector ID, and name (string) is a 
human readable name to identify the connector key. 
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AWS Authentication Record 


Get AWS Auth Record Info 


/aps/rest/2.0/get/am/awsauthrecord/<id> 


[GET] 


Returns a single AWS authentication record by ID. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for the authentication record. Learn more about limiting 
your results 


Permissions required - Managers with full scope. 


Sample - Fetch details on AWS authentication record 


API request 


curl -n -u "USERNAME : PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/awsauthrecord/12345" 


Response 


<?xml version="1.0" encoding-" UTF-8"?» 
«ServiceResponse xmlns:xsi-"http://www.w3.0rg/2001/XMLSchema- instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/awsauthrecord.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AwsAuthRecord> 
<id>12345</id> 
<name>Auth Record</name> 
«created»2014-02-06T19:14:50Z«/created» 
«modified»2014-02-06T19:14:50Z«/modified» 
</AwsAuthRecord> 
</data> 
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</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/awsauthrecord.xsd 
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Create AWS Auth Record 


/aps/rest/2.0/create/am/awsauthrecord 


[POST] 


Creates a new authentication record. 


Permissions required - Managers with full scope. 


Sample - Create new AWS authentication record 


API request 


curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/awsauthrecord" < 
file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding-"UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAuthRecord> 
<name>Simple Auth Record</name> 
<description>Production Auth Record</description> 
<accessKeyId>AAAAAAAAAAAAAAAAA11A</accessKeyId> 
<secretKey>1aAlaalaaaaalaAaAaaAaalAaaaallaaAAAAaaaA</sec 
retKey» 
«/AwsAuthRecord» 
«/data» 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 

<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/awsauthrecord.xsd"> 
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<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AwsAuthRecord> 
<id>12345</id> 
<name>Simple Auth Record</name> 
<description>Production Auth Record</description> 
«created»2014-02-06T19:14:50Z«/created» 
«modified»2014-02-06T19:14:50Z«/modified» 
</AwsAuthRecord> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/awsauthrecord.xsd 
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Update AWS Auth Record 


/aps/rest/2.0/update/am/awsauthrecord 
/aps/rest/2.0/update/am/awsauthrecord/<id> 


[POST] 


Updates writable fields. 


Using the NOT EQUALS operator for updating AWS authentication records 
could result in accidental update of unknown AWS authentication records 
without any warning. To prevent accidental updates of unknown AWS 
authentication records, we do not support NOT EQUALS operator for update 
actions. 


Permissions required - Managers with full scope. 


Sample - Update the secret key of AWS auth record 


API request 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/update/awsauthrecord/12345" 
< file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<data> 
<AwsAuthRecord> 
<secretKey>1laAlaalaaaaalaAaAaaAaalAaaaallaaAAAAaaaA</secretKe 
y> 
</AwsAuthRecord> 
</data> 
</ServiceRequest> 
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Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/awsauthrecord.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AwsAuthRecord> 
<id>12345</id> 
<name>Simple Auth Record</name> 
<description>Production Auth Record</description> 
<created>2014-02-06T19:14:50Z</created> 
<modified>2014-02-06T19:14:50Z</modified> 
</AwsAuthRecord> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/awsauthrecord.xsd 
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Search AWS Auth Records 


/aps/rest/2.0/search/am/awsauthrecord 


[POST] 


Returns a list of authentication records that match the provided criteria. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for each authentication record. Learn more about 
limiting your results 


Pagination - A maximum of 100 instances are returned by default. To 
customize this specify a “preferences” tag in the POST body of your request. 


Permissions required - Managers with full scope. 


Searchable fields 


Click here for available operators 


Parameter Description 

id (Integer) AWS auth record ID 

name (Text) AWS auth record name 

description (Text) AWS auth record description 

created (Date) When AWS auth record was created 
modified (Date) When AWS auth record was last modified 


Sample - Search AWS auth records 


Find all authentication records that have a name that contains the string 
AUTH 
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API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/awsaauthrecord" < 
file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
«Criteria field="name" operator="CONTAINS">Simple</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse 
xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/awsauthrecord.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>4</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AwsAuthRecord> 
<id>66013771</id> 
<name>Simple Auth Record 1</name> 
«modified»2014-12-22T18:36:44Z«/modified» 
«/AwsAuthRecord» 
«AwsAuthRecord» 
<id>66023771</id> 
<name>Simple Auth Record 2</name> 
«modified»2014-12-22T18:36:58Z«/modified» 
«/AwsAuthRecord» 
<AwsAuthRecord> 
<id>66033771</id> 
<name>Simple Auth Record 3</name> 
<modified>2014-12-22T18:37:01Z</modified> 
</AwsAuthRecord> 
<AwsAuthRecord> 
<id>66043771</id> 
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<name>Simple Auth Record 4</name> 
«modified»2014-12-22T19:11:18Z«/modified» 
</AwsAuthRecord> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/awsauthrecord.xsd 
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Count AWS Auth Records 


/aps/rest/2.0/count/am/awsauthrecord 


[POST] 


Returns the number of authentication records that match the provided 
criteria. 


Permissions required - Managers with full scope. 


Sample - Count AWS auth records 


Count the number of AWS authentication records that have a name that 
contains the string AUTH 


API request 


curl -u "USERNAME : PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/count/am/awsauthrecord"« 
file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding-" UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="name operator="CONTAINS">AUTH</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/awsauthrecord.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>1</count> 
</ServiceResponse> 
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XSD 


<platform API server>/qps/xsd/2.0/am/awsauthrecord.xsd 
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Delete AWS Auth Record 


/aps/rest/2.0/delete/am/awsauthrecord 
/aps/rest/2.0/delete/am/awsauthrecord/<id> 


[POST] 


Delete one or more authentication records. 


Using the NOT EQUALS operator for deleting AWS authentication records 
could result in accidental deletion of unknown AWS authentication records 
without any warning. To prevent accidental deletion of unknown AWS 
authentication records, we do not support NOT EQUALS operator for delete 
actions. 


Permissions required - Managers with full scope. 


Sample 1 - Delete a single authentication record 


API request 


curl -n -u "USERNAME : PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/delete/am/awsauthrecord/123 
45" 


Response 


<?xml version="1.0" encoding-" UTF-8"?» 
«ServiceResponse xmlns:xsi-"http://www.w3.0rg/2001/XMLSchema- instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/awsauthrecord.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AssetDataConnector> 
<id>12345</id> 
</AssetDataConnector> 
</data> 
</ServiceResponse> 
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Sample 2 - Delete several authentication records whose names 
contain the string "delete me” 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/delete/am/awsauthrecord" < 
file.xml 

Note: file.xml contains request POST data 


Request POST data 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">delete 
me</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml versionz"1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/awsauthrecord.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AwsAuthRecord> 
<id>2020094</id> 
</AwsAuthRecord> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/awsauthrecord.xsd 


259 


Qualys Asset Management & Tagging API 
AWS Authentication Record 


AWS Auth Record Fields 


Field name 
name 
description 
created 
modified 


secretKey 


accessKeyld 


Description 

(string) Name of the authentication record 

(string) Brief description of the authentication record 
(date) When record was created, not writeable 
(date) When records was last modified, not writeable 


(string) The AWS secret key - write only, cannot be 
read 


(string) The AWS access key - write only, cannot be 
read 
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Azure Asset Data Connector 


Get Azure Connector Info 
/aps/rest/2.0/get/am/azureassetdataconnector/<id> 


[GET] 


Returns a single Azure connector by ID. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for the Azure connector. 


Permissions required - Managers with full scope. 


Sample 1 - List (view) specific AZure Connector 


API request 


curl -n -u "USERNAME:PASSWORD"-H "Content-type: text/xml" -X "POST" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/azureassetdataconnec 
tor 123459 


Response 


<?xml version="1.0" encoding-" UTF-8"?» 
<ServiceResponse xmlns:xsi-"http://www.w3.0rg/2001/XMLSchema- instance" 
xsi:noNamespaceSchemaLocation-"https://qualysapi.qualys.com/qps/xsd/2. 
0/am/azure asset data connector.xsd"» 
«responseCode»SUCCESS« /responseCode» 
<count>1</count> 
<data> 
<AzureAssetDataConnector> 
<id>287603</id> 
<name>My Azure connector</name> 
<description>Sample Connector</description> 
<lastSync>2019-05-25T03:28:03Z</lastSync> 
«connectorState»FINISHED SUCCESS«/connectorState» 
«type»AZURE«/type» 
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<defaultTags> 
<list> 
<TagSimple> 
<id>8523019</id> 
<name>azure static tag</name> 
</TagSimple> 
</list> 
</defaultTags> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<authRecord> 
<applicationId>33333333-3333-3333-3333- 
333333333333</applicationId> 
<directoryId>22222222-2222-2222-2222- 
222222222222</directoryId> 
<subscriptionId>11111111-1111-1111-1111- 
111111111111</subscriptionId> 
</authRecord> 
</AzureAssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 2 - List all Azure Connectors 


API request 


curl -n -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" 
"https://qualysapi.qualys.com/qps/rest/2.0/get/am/azureassetdataconne 
ctor" 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/azure asset data connector.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>2</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AzureAssetDataConnector> 
<id>287603</id> 
<name>My Azure connector</name> 
<description>Sample Connector</description> 


242 


Qualys Asset Management & Tagging API 
Azure Asset Data Connector 


<lastSync>2019-05-27T06:26:29Z</lastSync> 
<connectorState>QUEUED</connectorState> 
<type>AZURE</type> 
<defaultTags> 
<list> 
<TagSimple> 
<id>8523019</id> 
<name>azure static tag</name> 
</TagSimple> 
«bsc 
«/defaultTags» 
«disabled»false«/disabled» 
«isGovCloudConfigured»false«/isGovCloudConfigured» 
«authRecord/» 
«/AzureAssetDataConnector» 
<AzureAssetDataConnector> 
<id>289601</id> 
<name>Sample Azure Connector</name> 
<description>azure connector</description> 
<lastSync>2019-05-26T02:26:30Z</lastSync> 
<connectorState>QUEUED</connectorState> 
<type>AZURE</type> 
<defaultTags> 
<list> 
<TagSimple> 
<id>8523019</id> 
<name>azure static tag</name> 
</TagSimple> 
</list> 
</defaultTags> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<authRecord/> 
</AzureAssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/azure_asset_data_connector.xsd 
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Create Azure Connector 
/aps/rest/2.0/create/am/azureassetdataconnector 


[POST] 


Creates Azure asset data connector. 


Permissions required - Managers with full scope. 


Sample 1 - Create Azure connector 


API request 


curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/create/am/azureassetdatacon 
nector" «file.xml 

Note: file.xml contains request POST data 


Request POST data 


<ServiceRequest> 
<data> 
<AzureAssetDataConnector> 
<name>Azure Connector</name> 
<description>Sample Azure Connector</description> 
<defaultTags> 
<set> 
<TagSimple> 
<id>8523019</id> 
</TagSimple> 
</set> 
</defaultTags> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<authRecord> 
<applicationId>33333333-3333-3333-3333- 
333333333333</applicationId> 
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<directoryId>22222222-2222-2222-2222- 
222222222222</directoryId> 

<subscriptionId>11111111-1111-1111-1111- 
111111111111</subscriptionId> 

<authenticationKey>@02LCb8/RCn@1bGj6xcOGQOPZ1YG2z85aSmCx 
noH@1rog=</authenticationKey> «!-- this is sensitive info; will never 
be replayed back in GET or SEARCH requests --> 

</authRecord> 
</AzureAssetDataConnector> 
</data> 

</ServiceRequest> 


XML output 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xSi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/azure_asset_data_connector.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<AzureAssetDataConnector> 
<id>289201</id> 
<name>Azure Connector</name> 
<description>Sample Azure Connector</description> 
«connectorState»QUEUED« /connectorState» 
«type»AZURE«/type» 
<defaultTags> 
<list> 
<TagSimple> 
<id>8523019</id> 
<name>azure static tag</name> 
</TagSimple> 
</list> 
</defaultTags> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<authRecord> 
<applicationId>33333333-3333-3333-3333- 
333333333333</applicationId> 
<directoryId>22222222-2222-2222-2222- 
222222222222</directoryId> 
<subscriptionId>11111111-1111-1111-1111- 
111111111111</subscriptionId> 
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</authRecord> 
</AzureAssetDataConnector> 


</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/awsassetdataconnector.xsd 
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Update Azure Connector 
/aps/rest/2.0/update/am/azureassetdataconnector 
/aps/rest/2.0/update/am/azureassetdataconnector/<id> 


[POST] 


Updates writable fields and collections. 


Using the NOT EQUALS operator for updating Azure connectors could result 
in accidental update of unknown Azure connectors without any warning. To 
prevent accidental updates of unknown Azure connectors, we do not support 
NOT EQUALS operator for update actions. 


Permissions required - Managers with full scope. 


Sample 1 - Update Azure connector name 


API request 


curl -u "USERNAME :PASSWORD" -H "Content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/update/am/azureassetdatacon 
nector/12345" < file.xml 

Note: file.xml contains request POST data 


Request POST data 


<ServiceRequest> 
<data> 
<AzureAssetDataConnector> 
<id>287603</id> 
<name>Sample Azure Connector</name> 
<description>Update sample Azure connector</description> 
</AzureAssetDataConnector> 
</data> 
</ServiceRequest> 


Response 
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<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/azure asset data connector.xsd"» 
«responseCode»SUCCESS«/responseCode» 
<count>1</count> 
<data> 
<AzureAssetDataConnector> 
<id>287603</id> 
<name>Sample Azure Connector</name> 
<description>Update sample Azure connector</description> 
</AzureAssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/azure_asset_data_connector.xsd 
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Search Azure Connectors 
/aps/rest/2.0/search/am/azureassetdataconnector 


[POST] 


Returns a list of Azure connectors that match the provided criteria. 


Limit your results - Use the optional “fields” parameter to limit the amount of 
information returned for each AWS connector. 


Pagination - A maximum of 100 instances are returned by default. To 
customize this specify a “preferences” tag in the POST body of your request. 


Permissions required - Managers with full scope. 


Searchable fields 


Click here for available operators 


Parameter Description 

id (integer) The ID of the connector that you want to search. 

name (Text) Name is the name for the connector you want to 
search. 

description Description of the connector you want to search. 

(Text) 


lastSync (Date) Last sync date of the connector 


type (AssetDataConnectorType) Azure, not writeable 
applicationld Unique identifier of the application you create on 
(integer) Azure portal. 
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directoryld Unique identifier of your Azure Active Directory. 
(integer) 

activation (Keyword) VM, PC, SCA, CERTVIEW 

subscriptionld Unique identifier of your Microsoft Azure subscription. 
(integer) 


Sample 1 - Search Azure Connector using connector name 


API request 


curl -u "USERNAME :PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/azureassetdatacon 
nector" «file.xml 

Note: file.xml contains request POST data 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="EQUALS">My Azure 
connector</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/azure asset data connector.xsd"» 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<AzureAssetDataConnector> 
<id>287603</id> 
<name>My Azure connector</name> 
<description>Sample Connector</description> 
<lastSync>2019-05-27T@6: 26: 29Z</lastSync> 
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<connectorState>QUEUED</connectorState> 
<type>AZURE</type> 
<defaultTags> 
<list> 
<TagSimple> 
<id>8523019</id> 
<name>azure static tag</name> 
</TagSimple> 
<j sie 
</defaultTags> 
<disabled>false</disabled> 
<isGovCloudConfigured>false</isGovCloudConfigured> 
<authRecord/> 
</AzureAssetDataConnector> 
</data> 
</ServiceResponse> 


Sample 2 - Search Azure Connector by subscription ID 


API request 


curl -u "USERNAME:PASSWORD" -H “content-type: text/xml" -X "POST" -- 
data-binary @- 
"https://qualysapi.qualys.com/qps/rest/2.0/search/am/azureassetdatacon 
nector" «file.xml 

Note: file.xml contains request POST data 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="authRecord.subscriptionId" 
operator="EQUALS">11111111-1111-1111-1111-111111111111</Criteria> 
</filters> 
</ServiceRequest> 


Response 


<?xml version="1.0" encoding="UTF-8"?> 

<ServiceResponse xmlns:xsi="http://www.w3.0rg/2001/XMLSchema-instance" 

xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 

0/am/azure asset data connector.xsd"» 
<responseCode>SUCCESS</responseCode> 
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<count>1</count> 

<hasMoreRecords>false</hasMoreRecords> 

<data> 

<AzureAssetDataConnector> 
<id>289601</id> 
<name>My Sample Azure Connector</name> 
<description>sample connector</description> 
<lastSync>2019-05-26T02:26:30Z</lastSync> 
«connectorState»QUEUED« /connectorState» 
«type»AZURE«/type» 
<defaultTags> 
ei Eb E 
<TagSimple> 
<id>8523019</id> 
<name>azure static tag</name> 
</TagSimple> 
cds 
«/defaultTags» 
«disabled»false«/disabled» 
«isGovCloudConfigured»false«/isGovCloudConfigured» 
<authRecord/> 
</AzureAssetDataConnector> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/2.0/am/azure_asset_data_connector.xsd 
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Delete Azure Connector 
/aps/rest/2.0/delete/am/azureassetdataconnector 
/aps/rest/2.0/delete/am/azureassetdataconnector/<id> 


[POST] 


Delete one or more Azure connectors. 


Using the NOT EQUALS operator for deleting Azure connectors could result 
in accidental deletion of Azure connectors without any warning. To prevent 
accidental deletion of unknown Azure connectors, we do not support NOT 
EQUALS operator for delete actions. 


Permissions required - Managers with full scope. 


Sample 1 - Delete Azure connector 


API request 


curl -n -u "USERNAME : PASSWORD" 
"https://qualysapi.qualys.com/qps/rest/2.0/delete/am/azureassetdatacon 
nector/289201" 


Response 


<?xml version="1.0" encoding-" UTF-8"?» 
«ServiceResponse xmlns:xsi-"http://www.w3.0rg/2001/XMLSchema- instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 
0/am/azure asset data connector.xsd"» 
«responseCode»SUCCESS« /responseCode» 
<count>1</count> 
<data> 
<AzureAssetDataConnector> 
<id>289201</id> 
</AzureAssetDataConnector> 
</data> 
</ServiceResponse> 
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XSD 


<platform API server>/qps/xsd/2.0/am/azure_asset_data_connector.xsd 
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